
459 matches found

Vulnrichment
added 2025/09/16 10:30 p.m. | 3 views

CVE-2025-37123 Authenticated Command Injection leads to Unauthorized Actions in CLI Interface

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on...

CVSS 8.8 | AI score 7.4 | EPSS 0.00326
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/10 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-31209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of active check command arguments in Checkmk 2.1.0p32, 2.0.0p38, 2.2.0p4 leads to arbitrary command execution for authenticated users...

CVSS 8.8 | AI score 8.1 | EPSS 0.00753
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/04 1:1 p.m. | 1 view

CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...

CVSS 8.4 | AI score 6.8 | EPSS 0.00383
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/02 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-32918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0...

CVSS 8.8 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 2
NVD
added 2025/08/27 3:15 p.m. | 5 views

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfacesbridgeedit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

CVSS 9.1 | EPSS 0.01488
Exploits: 1 | References: 2
Positive Technologies
added 2025/08/27 12:0 a.m. | 4 views

PT-2025-34873

Name of the Vulnerable Software and Affected Versions: OPNsense version 25.1 Description: OPNsense version 25.1 contains an authenticated command injection issue in the Bridge Interface Edit endpoint interfaces bridge edit.php. The span POST parameter is concatenated into a system-level command...

CVSS 8.8 | AI score 8 | EPSS 0.01488
Exploits: 1 | References: 6
Cvelist
added 2025/08/27 12:0 a.m. | 6 views

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfacesbridgeedit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

CVSS 9.1 | EPSS 0.01488
Exploits: 1 | References: 2
NVD
added 2025/08/11 3:15 p.m. | 3 views

CVE-2012-10039

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

CVSS 9.4 | EPSS 0.67181
Exploits: 0 | References: 5
Metasploit
added 2025/07/22 6:52 p.m. | 353 views

Xorcom CompletePBX Authenticated Command Injection via Task Scheduler

This module exploits an authenticated command injection vulnerability in Xorcom CompletePBX versions use exploit/linux/http/xorcomcompletepbxscheduler msf exploitxorcomcompletepbxscheduler show targets ...targets... msf exploitxorcomcompletepbxscheduler set TARGET msf...

CVSS 8.8 | AI score 6 | EPSS 0.7058
Exploits: 3
RedhatCVE
added 2025/07/17 1:57 p.m. | 5 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVSS 8.7 | AI score 7.5 | EPSS 0.70724
Exploits: 0 | References: 1
NVD
added 2025/07/15 1:15 p.m. | 2 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVSS 8.7 | EPSS 0.70724
Exploits: 0 | References: 4
CVE
added 2025/07/15 1:9 p.m. | 15 views

CVE-2025-34113

CVE-2025-34113 describes an authenticated command-injection in Tiki Wiki CMS via the viewmode parameter in tiki-calendar.php. Affected versions are listed as ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14; the calendar module must be enabled and the user must have access permissions. Successful exploitat...

CVSS 8.7 | AI score 8.1 | EPSS 0.64391
Exploits: 0 | References: 5
CVE
added 2025/07/15 1:4 p.m. | 14 views

CVE-2025-34115

OP5 Monitor

CVSS 8.7 | AI score 7.5 | EPSS 0.70724
Exploits: 0 | References: 4
CVE
added 2025/07/08 7:8 p.m. | 21 views

CVE-2025-37102

CVE-2025-37102 is an authenticated command-injection vulnerability affecting the CLI of HPE Networking Instant On Access Points. The attack could allow a remote attacker with elevated privileges to run arbitrary commands on the underlying OS as a highly privileged user (CVSS 3.1 base 7.2, NETWORK...

CVSS 7.2 | AI score 7.7 | EPSS 0.00721
Exploits: 0 | References: 1
Cvelist
added 2025/07/08 7:8 p.m. | 8 views

CVE-2025-37102 Authenticated Command Injection Vulnerability In Instant On Command Line Interface

An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privilege...

CVSS 7.2 | EPSS 0.00721
Exploits: 0 | References: 1
Vulnrichment
added 2025/07/08 7:8 p.m. | 2 views

CVE-2025-37102 Authenticated Command Injection Vulnerability In Instant On Command Line Interface

An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privilege...

CVSS 7.2 | AI score 8.2 | EPSS 0.00721
Exploits: 0 | References: 1
CNNVD
added 2025/07/08 12:0 a.m. | 1 view

HPE Networking Instant On Access Points Security Vulnerability

HPE Networking Instant On Access Points is a wireless network access point from HPE America. A security vulnerability exists in HPE Networking Instant On Access Points that stems from the presence of authenticated command injection in the command line interface, which could lead to the execution ...

CVSS 7.2 | AI score 7.5 | EPSS 0.00721
Exploits: 0 | References: 2
NVD
added 2025/06/26 4:15 p.m. | 7 views

CVE-2025-34042

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

CVSS 9.4 | EPSS 0.01272
Exploits: 1 | References: 7
OSV
added 2025/06/18 4:15 p.m. | 4 views

CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 1
Positive Technologies
added 2025/05/30 12:0 a.m. | 3 views

PT-2025-48815

Name of the Vulnerable Software and Affected Versions: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description: The software contains an authenticated command injection flaw within the test mail function. An attacker can execute arbitrary commands by providing a specially crafte...

CVSS 9 | AI score 7.6 | EPSS 0.02572
Exploits: 2 | References: 10