459 matches found
CVE-2025-43941
Dell Unity, versions 5.5 and Prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This...
CVE-2025-6541
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...
CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-7850 Authenticated OS command execution
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...
EUVD-2025-35117
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-6541 OS command injection using information obtained from the web management interface
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...
CVE-2025-61941
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration...
CVE-2025-10243
OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2025-10242
CVE-2025-10242 affects Ivanti Endpoint Manager Mobile (EPMM) via an OS command injection vulnerability in the admin panel. The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution. Affected versions are Ivanti EPMM before 12.6.0.2, 12.5.0.x before 12...
PT-2025-41927
Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.0.2 Ivanti EPMM versions prior to 12.5.0.4 Ivanti EPMM versions prior to 12.4.0.4 Description A flaw exists in the admin panel of Ivanti EPMM that allows a remote authenticated attacker with admin privileges ...
PT-2025-41757
Name of the Vulnerable Software and Affected Versions Ericsson RAN Compute and Site Controller affected versions not specified Description The software contains a high severity issue where improper neutralization of special elements used in an OS command could be exploited, potentially leading to...
CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...
CVE-2025-43906
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralizatio...
EUVD-2017-1487
Malware in sbrugna...
EUVD-2020-29851
Malware in sbrugna...
Unity Linux 20.1070e Security Update: xterm (UTSA-2025-680592)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680592 advisory. xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi...
CVE-2025-60957
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...
CVE-2025-60965
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts...
CVE-2025-60962
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...
CVE-2025-60957
The CVE-2025-60957 entry concerns EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware 4.00 on hardware/version 6010-0071-000. The vulnerability is an OS Command Injection in the router’s OS, enabling an unauthenticated or remote attacker to potentially execute arbitrary code, cause ...