1885 matches found
CVE-2023-25805
versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0...
CVE-2021-41116
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
CVE-2021-31854
A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...
CVE-2024-39759
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2022-27411
TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...
CVE-2022-27082
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo...
CVE-2022-27083
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...
CVE-2019-12771
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring...
CVE-2019-12272
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidthstatus and admin/status/realtime/wirelessstatus of the web application are affected by a command injection vulnerability...
CVE-2019-12091
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to...
CVE-2025-64991
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
CVE-2025-56086
OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
PT-2025-50676
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the submit wifi function...
CVE-2025-56091
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226EW1800GX10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
PT-2025-50114
Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 4.0 all versions Fortinet FortiSandbox versions 4.2 all versions Fortinet FortiSandbox versions 4.4.0 through 4.4.7 Fortinet FortiSandbox versions 5.0.0 through 5.0.2 Description The Fortinet FortiSandbox softwar...
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
Dell SmartFabric OS10 Software Command Injection Vulnerability (CNVD-2025-29162)
Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that originates from improper neutralization of special elements in commands, which can be exploited by an attacker to cause comman...
CVE-2025-56799
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...
CVE-2025-6542 OS command injection in multiple parameters
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-43906
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralizatio...