459 matches found
CVE-2025-2947
IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system...
CVE-2025-2947
IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system...
Inaba Denki Sangyo Wi-Fi AP UNIT 操作系统命令注入漏洞
The Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo, a Japanese company. An operating system command injection vulnerability exists in Inaba Denki Sangyo Wi-Fi AP UNIT v2.0.03P and prior versions, which stems from a service-specific operating system command injection...
Fortinet FortiIsolator 操作系统命令注入漏洞
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects critical business data from sophisticated threats on the Web...
CVE-2025-24377
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges...
CVE-2025-24383
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is...
Zyxel VMG8825-T50K 操作系统命令注入漏洞
The Zyxel VMG8825-T50K is an Internet access device from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel VMG8825-T50K V5.50ABOM.8.5C0 and earlier versions, which stems from a command injection in the DNSServer parameter in the diagnostic function, which...
VulnCheck KEV: CVE-2025-1316
Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue...
acmailer CGI and acmailer DB vulnerable to OS command injection
Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...
CVE-2024-50567
An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...
CVE-2022-1440
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
Security update for less
This update for less fixes the following issues: CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. bsc1222849 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
Multiple vulnerabilities in I-O DATA router UD-LT2
Overview UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 - CVE-2025-22450 OS Command Injection CWE-78 - CVE-2025-23237 CVE-2025-20617, CVE-2025-22450,...
I-O Data Device UD-LT2 操作系统命令注入漏洞
I-O Data Device UD-LT2 is a wireless router from I-O Data Device Japan. An operating system command injection vulnerability exists in I-O Data Device UD-LT2 1.00.008SE and prior versions, which stems from the presence of a disjointed special element that allows an attacker to execute arbitrary...
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...
PT-2025-3387 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited through the sHour parameter in the setWiFiScheduleCfg function. Recommendations: Fo...
CVE-2024-56497
An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or...
Fortinet FortiManager 操作系统命令注入漏洞
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...
Multiple vulnerabilities in SHARP routers
Overview SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 - CVE-2024-45721 The hidden debug function is enabled CWE-489 - CVE-2024-46873 Buffer overflow vulnerability in the hidden debug function CWE-120 -...
FXC AE1021和FXC AE1021PE 操作系统命令注入漏洞
FXC AE1021 and FXC AE1021PE are both products of FXC Corporation.FXC AE1021 is a panel wireless router with integrated RJ-45, RJ-11, and power ports.FXC AE1021PE is a wireless LAN router with support for information egress. An operating system command injection vulnerability exists in the FXC...