292 matches found
CVE-2025-25256
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute...
CVE-2025-24477
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI command...
CVE-2021-20677
UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted...
CVE-2024-32123
Multiple improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, 6.0.0 through 6.0.12 and 5.6.0...
Linux Distros Unpatched Vulnerability : CVE-2018-12617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0 cal...
CVE-2024-47566
An improper limitation of a pathname to a restricted directory ('path traversal') (CWE-23) in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests...
PT-2025-50334
Name of the Vulnerable Software and Affected Versions: sd command versions prior to 1.0.0. Description: An issue allows attackers to escalate privileges to root via a crafted command. Recommendations: Update to a version newer than 1.0.0...
CVE-2021-26093
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command...
PT-2024-24120 · Fortinet · Fortimanager +2
Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5; FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5; FortiAnalyzer-BigData versions 7.4.0 and before 7.2.7. Description: A stack-based buffer overflow issue allows a privileged...
CVE-2024-20444 Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...
CVE-2024-7203
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on a...
ROS-20240716-03
A vulnerability in the org-link-expand-abbrev function of the lisp/ol.el file of the Emacs text editor exists due to a failure to neutralize special elements used in an operating system command. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary...
CVE-2023-37058
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command...
CVE-2023-37058
CVE-2023-37058 affects JLINK AX1800 v1.0 (Jlink by Unionman Technology). The issue is described as an Insecure Permissions vulnerability enabling a remote attacker to escalate privileges via a crafted command. The available connected documents confirm the affected product and basic impact (remote...
GO-2024-2816 kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt
kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt...
Improper Cluster Permissions
karmada-io karmada is vulnerable to Improper Cluster Permissions. The vulnerability is due to inadequate cluster permission which allows a local attacker to execute arbitrary code via a crafted command to get the token...
GHSA-WCCG-V638-J9Q2 karmada vulnerable to arbitrary code execution via a crafted command
An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...
karmada vulnerable to arbitrary code execution via a crafted command
An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...
CVE-2024-33394
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...