28 matches found
CVE-2026-25817
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...
Microsoft Copilot Command Injection Vulnerability
Microsoft Copilot is an artificial intelligence-based assistant tool developed by Microsoft. It offers capabilities such as content generation, code writing, and office collaboration. Microsoft Copilot has a command injection vulnerability, which stems from improper neutralization of special...
CVE-2025-70039
CVE-2025-70039 affects linagora Twake 2023.Q1.1223 with a CWE-78 OS command injection vulnerability. Base CVSS 3.1: 9.8 (network, no auth, no user interaction, impact high for confidentiality, integrity, and availability). Root cause: improper neutralization of special elements used in an OS com...
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...
CVE-2025-64155
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...
CVE-2025-0636
CVE-2025-0636 affects Ericsson RAN Compute and Ericsson Site Controller (EMCLI). The issue is a high-severity vulnerability arising from improper neutralization of special elements used in an OS command, potentially enabling Arbitrary Code Execution. The publicly documented details across multipl...
WordPress plugin MDTF SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2025-41674
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...
CVE-2025-41675
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...
CVE-2025-26941
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andymoyle Church Admin church-admin allows SQL Injection. This issue affects Church Admin: from n/a through = 5.0.18...
Security update for azure-cli-core
This update for azure-cli-core fixes the following issues: CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460). Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:1019-1 Security update for azure-cli-core
This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460)...
MENNEKES Ladesäule Smart Security Vulnerability
MENNEKES Ladesäule Smart is a smart charging post from MENNEKES. A security vulnerability exists in MENNEKES Ladesäule Smart that stems from improper OS command neutralization, which could lead to command execution...
CVE-2024-47926 Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2024-55976
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection. This issue affects Critical Site Intel: from n/a through = 1.0...
CVE-2024-39766
Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Microchip TimeProvider 4100 OS Command Injection Vulnerability
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in the Microchip TimeProvider 4100 prior to version 2.4.7 that stems from improper neutralization of special elements of operating system commands, resulting in OS command injection...
CVE-2024-5181 Command Injection in mudler/localai
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
CVE-2024-0520
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
CVE-2024-2359
The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...