CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

Microsoft Copilot 命令注入漏洞

Microsoft Copilot is an artificial intelligence-based assistant tool developed by Microsoft. It offers capabilities such as content generation, code writing, and office collaboration. Microsoft Copilot has a command injection vulnerability, which stems from improper neutralization of special...

CVE-2025-70039

CVE-2025-70039 affects linagora Twake 2023.Q1.1223 with a CWE-78 OS command injection vulnerability. Base CVSS 3.1: 9.8 (_network, no auth, no user interaction, impact high for confidentiality, integrity, and availability). Root cause: improper neutralization of special elements used in an OS com...

GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...

CVE-2025-64155

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...

CVE-2025-0636

CVE-2025-0636 affects Ericsson RAN Compute and Ericsson Site Controller (EMCLI). The issue is a high-severity vulnerability arising from improper neutralization of special elements used in an OS command, potentially enabling Arbitrary Code Execution. The publicly documented details across multipl...

WordPress plugin MDTF SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

CVE-2025-41674

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

CVE-2025-41675

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

CVE-2025-26941

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through = 5.0.18...

Security update for azure-cli-core

This update for azure-cli-core fixes the following issues: CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally bsc1239460. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2025:1019-1 Security update for azure-cli-core

This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally bsc1239460...

MENNEKES Ladesäule Smart 安全漏洞

MENNEKES Ladesäule Smart is a smart charging post from MENNEKES. A security vulnerability exists in MENNEKES Ladesäule Smart that stems from improper OS command neutralization, which could lead to command execution...

CVE-2024-47926 Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

CVE-2024-55976

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection.This issue affects Critical Site Intel: from n/a through = 1.0...

The vulnerability of Dell Enterprise SONiC operating systems lies in the lack of measures to neutralize special elements used in the operating system commands, allowing attackers to execute arbitrary commands.

The vulnerability of Dell Enterprise SONiC operating systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2024-39766

Improper neutralization of special elements used in SQL command in some IntelR Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

The vulnerability of the Routed PON Controller Software component in the Cisco IOS XR operating system of Cisco NCS 540 Series Routers, NCS 5500 Series Routers, and NCS 5700 Series Routers allows attackers to execute arbitrary commands.

The vulnerability of the Routed PON Controller Software in Cisco IOS XR routers from the Cisco NCS 540 Series, NCS 5500 Series, and NCS 5700 Series routers exists due to the lack of measures taken to neutralize specific elements used in the operating system commands. Exploiting this vulnerability...

Microchip TimeProvider 4100 操作系统命令注入漏洞

Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in the Microchip TimeProvider 4100 prior to version 2.4.7 that stems from improper neutralization of special elements of operating system commands, resulting in OS command injection...