18 matches found
CVE-2025-37162
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2025-37162 Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
EUVD-2025-28756
Malicious code in bioql PyPI...
PT-2025-39306
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the Command Line Interface (CLI) of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...
PT-2025-38366
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the UFS error handling flow within the Linux kernel. Specifically, if a device management command NOP OUT times out during link recovery and clearing the doorbell fails,...
Linux Distros Unpatched Vulnerability : CVE-2024-35968
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread. When the driver notices fw_status...
CVE-2022-50215 scsi: sg: Allow waiting for commands to complete on removed device
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device. When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...
CVE-2021-45998
D-Link device DIR882 DIR882FW1.30B06Hotfix02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2025-44881
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...
Sierra Wireless AirVantage Authorization Issue Vulnerability
Sierra Wireless AirVantage is an IoT connectivity and management platform from Sierra Wireless Canada. An authorization issue vulnerability exists in Sierra Wireless AirVantage. An attacker exploiting this vulnerability could configure, manage, and execute AT commands on a user's device...
SUSE CVE-2021-47622
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler. The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler - ufshcd_eh_host_reset_handler queues work that cal...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a set of virtual Unity storage environments from Dell USA. A security vulnerability exists in Dell Unity versions prior to 5.3. An attacker exploited the vulnerability to authenticate to the device CLI and issue certain commands...
Linux kernel Numeric Error Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.2, which stems from a divide-by-zero error in do_div indirectly used by ctrl_cdev_ioctl when mtd->erasesize is zero. An...
CVE-2021-41503
DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This...
CVE-2018-11691
Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from...
BlueZ 1.x/2.x - HIDD Bluetooth HID Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22076/info BlueZ hidd is prone to a device-command-injection vulnerability. A remote attacker can exploit this issue to gain control of mouse and keyboard HIDs (human interface devices). This will allow the attacker to...
BlueZ 1.x/2.x - HIDD Bluetooth HID Command Injection
source: https://www.securityfocus.com/bid/22076/info BlueZ hidd is prone to a device-command-injection vulnerability. A remote attacker can exploit this issue to gain control of mouse and keyboard HIDs (human interface devices). This will allow the attacker to interact with the targeted computer in...