
459 matches found

NVD
added 2025/09/09 9:15 p.m., 32 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

CVSS: 9.8, EPSS: 0.01468
Exploits: 0, References: 2
NVD
added 2025/09/09 2:15 a.m., 6 views

CVE-2025-42944

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS: 10, EPSS: 0.02882
Exploits: 1, References: 4
CNNVD
added 2025/09/09 12:0 a.m., 2 views

NVIDIA NVDebug OS command injection vulnerability

NVIDIA NVDebug is a debugging and diagnostic tool from NVIDIA. NVIDIA NVDebug suffers from an operating system command injection vulnerability that originates from the ability to potentially cause code to be run on the platform host as an unprivileged user, which could lead to code execution,...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00426
Exploits: 0, References: 4
Vulnrichment
added 2025/09/04 1:1 p.m., 2 views

CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...

CVSS: 8.4, AI score: 6.8, EPSS: 0.00949
Exploits: 0, References: 1
Vulnrichment
added 2025/09/01 5:27 a.m., 4 views

CVE-2025-54857

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privileges...

CVSS: 9.8, AI score: 10, EPSS: 0.03214
Exploits: 0, References: 2
Vulnrichment
added 2025/08/27 9:23 p.m., 5 views

CVE-2024-13985 Dahua EIMS capture_handle.action RCE

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

CVSS: 10, AI score: 7.8, EPSS: 0.07651
Exploits: 0, References: 8
Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-35962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

CVSS: 7.8, AI score: 7.3, EPSS: 0.01481
Exploits: 1, References: 2
OSV
added 2025/08/12 7:15 p.m., 3 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVSS: 6.7, AI score: 5.9
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2025/08/08 5:47 a.m., 2 views

Multiple vulnerabilities in Mubit Powered BLUE 870

Overview Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-54958 Path traversal CWE-22 - CVE-2025-54959 CVE-2025-54958 Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...

CVSS: 6.3, AI score: 7.8, EPSS: 0.00848
Exploits: 0, References: 6
RedhatCVE
added 2025/08/06 3:29 p.m., 10 views

CVE-2025-30098

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...

CVSS: 6.7, AI score: 7, EPSS: 0.0045
Exploits: 0, References: 1
CNNVD
added 2025/08/06 12:0 a.m., 3 views

DeepResearchAgent command injection vulnerability

DeepResearchAgent is an open source application from Skywork. DeepResearchAgent has a command injection vulnerability that stems from the incorrect manipulation of parameters in the fromcode/fromdict/frommcp functions in the src/tools/tools.py file, which could lead to os command injection...

CVSS: 6.5, AI score: 6.8, EPSS: 0.02188
Exploits: 0, References: 5
CNNVD
added 2025/08/06 12:0 a.m., 3 views

Kenwood DMX958XR OS command injection vulnerability

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. An operating system command injection vulnerability exists in the Kenwood DMX958XR JKWifiService function, which can be exploited by an attacker to execute code in a root context...

CVSS: 6.8, AI score: 7.9, EPSS: 0.00685
Exploits: 0, References: 1
ATTACKERKB
added 2025/07/24 12:45 p.m., 5 views

CVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

CVSS: 10, AI score: 5.5, EPSS: 0.01536
Exploits: 0, References: 3
OSV
added 2025/07/21 10:15 a.m., 3 views

CVE-2025-41673

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVSS: 7.2, AI score: 6.1, EPSS: 0.00594
Exploits: 1, References: 2
CVE
added 2025/07/13 11:44 p.m., 32 views

CVE-2025-7553

CVE-2025-7553 affects D-Link DIR-818LW firmware up to 20191215. The vulnerability is in the System Time Page, where manipulation of the NTP Server parameter allows os command injection. Exploitation is possible remotely, and the exploit has been disclosed publicly. The issue is associated with de...

CVSS: 7.2, AI score: 5.5, EPSS: 0.04165
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2025/07/06 12:0 a.m., 4 views

Comodo Internet Security Premium command injection vulnerability

Comodo Internet Security Premium is a suite of computer security software from Comodo, Inc. that focuses on Internet security. A command injection vulnerability exists in Comodo Internet Security Premium version 12.3.4.8162, which stems from incorrect manipulation of the parameter binary/params...

CVSS: 9.2, AI score: 8.4, EPSS: 0.04697
Exploits: 1, References: 5
CNNVD
added 2025/06/10 12:0 a.m., 3 views

ZendTo security vulnerability

ZendTo is a web-based file transfer system from ZendTo Inc. A security vulnerability exists in ZendTo 6.10-6 Beta and earlier versions, which stems from an os command injection due to the misbehavior of the parameter file1 in the file NSSDropoff.php...

CVSS: 7.5, AI score: 7.7, EPSS: 0.01863
Exploits: 0, References: 4
Metasploit
added 2025/06/09 6:51 p.m., 371 views

OS Command Exec, Unix Command Shell, Bind TCP (via Lua)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via Lua Module Options msf use payload/php/unix/cmd/bindlua msf payloadbindlua show actions ...actions... msf payloadbindlua set ACTION msf payloadbindlua show options ...show and set options... msf payloadbindlua r...

AI score: 5.8
Exploits: 0
Metasploit
added 2025/06/09 6:51 p.m., 419 views

OS Command Exec, Unix Command Shell, Bind TCP (via perl) IPv6

Execute an OS command from PHP. Listen for a connection and spawn a command shell via perl Module Options msf use payload/php/unix/cmd/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options ...show and set options...

AI score: 5.8
Exploits: 0
Metasploit
added 2025/06/09 6:51 p.m., 451 views

OS Command Exec, Unix Command Shell, Reverse TCP (via jjs)

Execute an OS command from PHP. Connect back and create a command shell via jjs Module Options msf use payload/php/unix/cmd/reversejjs msf payloadreversejjs show actions ...actions... msf payloadreversejjs set ACTION msf payloadreversejjs show options ...show and set options... msf...

AI score: 5.8
Exploits: 0