CVE-2025-59440

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a...

CVE-2026-32968

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

Johnson Controls Metasys’ various products have security vulnerabilities

Johnson Controls Metasys is a building automation platform developed by Johnson Controls, a company based in the United States. Several products of Johnson Controls Metasys have security vulnerabilities, which stem from improper handling of special elements in commands, potentially leading to...

Apache Continuum 安全漏洞

Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...

CVE-2025-62354

CVE-2025-62354 affects Cursor and is characterized as improper neutralization of OS command elements (command injection) that allows an unauthorized, remote attacker to execute arbitrary code outside of an allowlist. Public sources in the connected set (Red Hat, NVD, EUVD, CVE list mirrors) descr...

Mydata Ticket Sales Automation SQL注入漏洞

Mydata Ticket Sales Automation is a ticket sales automation system from Mydata. A SQL injection vulnerability exists in Mydata Ticket Sales Automation versions prior to 03.04.2025, which stems from improperly neutralized SQL commands and could lead to blind SQL injection...

The vulnerability of the invscout component in AIX and VIOS operating systems allows a perpetrator to execute arbitrary commands.

The vulnerability of the invscout component in AIX and VIOS operating systems is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

PT-2024-8519 · Fortinet · Fortimanager +2

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer-BigData before 7.4.0 Description: The issue is related to improper neutralization ...

The vulnerability of the Go Getter library, related to the improper neutralization of special elements used in the command, allows a hacker to execute arbitrary code.

The vulnerability of the Go Getter library is related to the update of Git for the existing, maliciously modified Git configuration. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the lib-src/etags.c file of the EMACS text editor’s etags component allows a hacker to execute arbitrary code.

The vulnerability of the lib-src/etags.c file of the EMACS text editor’s etags component is related to the improper elimination of special elements used in the OS command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the command-line interface (CLI) of Cisco Aironet Access Point microprogramming software allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the command-line interface CLI of Cisco Aironet Access Point software exists because measures to neutralize special elements used in operating system commands have not been taken. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root...

Cisco UCS Manager Software Local Management CLI DoS (cisco-sa-ucs-cli-dos-GQUxCnTe)

According to its self-reported version, Cisco Unified Computing System Managed is affected by a DoS vulnerability. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an...