856 matches found
File Browser: Command Execution not Limited to Scope
NOTE: This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
CVE-2025-52904
CVE-2025-52904 affects Filebrowser (v2.32.0) where the Command Execution feature is not scoped per user, allowing shell commands to run with the server process UID and access files across all scopes, potentially exposing the password database and enabling unauthorized read/write access. The repor...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2025-34029 Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...
CVE-2025-33117 IBM QRadar SIEM command execution
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
CVE-2025-33112
CVE-2025-33112 affects IBM AIX 7.3 (TL3) and IBM VIOS 4.1.1, where the Perl implementation does not properly neutralize pathname input, allowing a non-privileged local user to execute arbitrary code. CVSS v3.1 base score 8.4 (HIGH) with local access, no user interaction required, and impacts to c...
Command Execution Vulnerability in Net Video System of Tiandiwei Technology Co.
Net Video System is a video processing and transmission system based on computer network technology, mainly used for real-time monitoring, video storage and remote communication. A command execution vulnerability exists in the Net Video System of Tiandiwei Technology Limited,...
Command Execution Vulnerability in SecFox Operations and Maintenance Security Management and Audit System of Chianxin Technology Group Co.
SecFox O&M Security Management and Audit System is an O&M security management solution that integrates authentication, account management, privilege control, and O&M audit, providing unified O&M authentication, fine-grained privilege control, real-time supervision, and after-the-fact traceability...
PT-2025-23919
Name of the Vulnerable Software and Affected Versions: File::Find::Rule versions through 0.34. Description: The issue allows for Arbitrary Code Execution when the grep function encounters a crafted filename. This is due to a file handle being opened with the 2 argument form of open, allowing an...
Command Execution Vulnerability in Panabit Log Audit System of Beijing Paiwang Software Co.
Beijing PaiNet Software Co., Ltd. is a technology company focusing on providing network application layer solutions for the government and enterprise industries. A command execution vulnerability exists in the Panabit log auditing system of Beijing Pai Networks Software Co. Ltd, which can be...
Command Execution Vulnerability in Cube OCS Management System of Hangzhou Cube Holding Co.
Cube OCS Management System is an access control management platform, mainly used for enterprise production management and access control scenarios. A command execution vulnerability exists in the Cube OCS Management System of Hangzhou Cube Holding Company Limited, which can be exploited by an...
Command Execution Vulnerability in Tianrongxin Internet Behavior Management System of Beijing Tianrongxin Technology Co.
Tianrongxin Internet Behavior Management System is a network behavior management product designed to meet the needs of various industries for network behavior management and content auditing. Beijing Tianrongxin Technology Co., Ltd Tianrongxin Internet Behavior Management System has a command...
CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-51736
Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...
CVE-2024-42636
DedeCMS V5.7.115 has a command execution vulnerability via filemanageview.php?fmdo=newfile...
CVE-2024-51027
Ruijie NBR800G gateway NBRRGOS11.16B4P9 is vulnerable to command execution in /itboxpi/networksafe.php via the province parameter...
CVE-2023-36642
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2023-51017
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of the cstecgi.cgi...
CVE-2023-51018
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi.cgi...
CVE-2023-51016
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi...