Lucene search
K

459 matches found

ATTACKERKB
ATTACKERKB
added 2025/04/17 5:15 p.m.3 views

CVE-2025-2947

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system...

9.8CVSS5.8AI score0.00355EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/04/17 5:15 p.m.3 views

CVE-2025-2947

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system...

9.8CVSS5.8AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.4 views

Inaba Denki Sangyo Wi-Fi AP UNIT 操作系统命令注入漏洞

The Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo, a Japanese company. An operating system command injection vulnerability exists in Inaba Denki Sangyo Wi-Fi AP UNIT v2.0.03P and prior versions, which stems from a service-specific operating system command injection...

9.8CVSS9.6AI score0.00935EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.4 views

Fortinet FortiIsolator 操作系统命令注入漏洞

Fortinet FortiIsolator is a Fortinet application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects critical business data from sophisticated threats on the Web...

7.2CVSS7.5AI score0.01069EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/03/28 3:15 a.m.6 views

CVE-2025-24377

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges...

7.8CVSS6AI score0.00519EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/03/28 2:15 a.m.2 views

CVE-2025-24383

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is...

9.1CVSS5.9AI score0.01273EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.4 views

Zyxel VMG8825-T50K 操作系统命令注入漏洞

The Zyxel VMG8825-T50K is an Internet access device from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel VMG8825-T50K V5.50ABOM.8.5C0 and earlier versions, which stems from a command injection in the DNSServer parameter in the diagnostic function, which...

7.2CVSS7.5AI score0.01128EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/03/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-1316

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue...

9.8CVSS7.8AI score0.7227EPSS
Exploits2References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/02/14 7:39 a.m.3 views

acmailer CGI and acmailer DB vulnerable to OS command injection

Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...

9.8CVSS7.5AI score0.01361EPSS
Exploits0References7
OSV
OSV
added 2025/02/11 5:15 p.m.6 views

CVE-2024-50567

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

7.2CVSS5.9AI score0.02316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:8 p.m.13 views

CVE-2022-1440

Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...

10CVSS7.2AI score0.03816EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2025/02/03 8:47 a.m.2 views

Security update for less

This update for less fixes the following issues: CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. bsc1222849 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...

8.6CVSS7.4AI score0.00628EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/01/22 4:55 a.m.2 views

Multiple vulnerabilities in I-O DATA router UD-LT2

Overview UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 - CVE-2025-22450 OS Command Injection CWE-78 - CVE-2025-23237 CVE-2025-20617, CVE-2025-22450,...

7.5CVSS7.6AI score0.01171EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/01/22 12:0 a.m.4 views

I-O Data Device UD-LT2 操作系统命令注入漏洞

I-O Data Device UD-LT2 is a wireless router from I-O Data Device Japan. An operating system command injection vulnerability exists in I-O Data Device UD-LT2 1.00.008SE and prior versions, which stems from the presence of a disjointed special element that allows an attacker to execute arbitrary...

7.2CVSS7.5AI score0.01119EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2025/01/17 2:8 p.m.10 views

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...

9.3CVSS10AI score0.02341EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.5 views

PT-2025-3387 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited through the sHour parameter in the setWiFiScheduleCfg function. Recommendations: Fo...

9CVSS9.8AI score0.01573EPSS
Exploits1References7
OSV
OSV
added 2025/01/14 2:15 p.m.4 views

CVE-2024-56497

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or...

6.7CVSS5.9AI score0.00576EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

Fortinet FortiManager 操作系统命令注入漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...

7.2CVSS7.8AI score0.01652EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/12/16 10:54 p.m.4 views

Multiple vulnerabilities in SHARP routers

Overview SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 - CVE-2024-45721 The hidden debug function is enabled CWE-489 - CVE-2024-46873 Buffer overflow vulnerability in the hidden debug function CWE-120 -...

9.8CVSS8.1AI score0.01187EPSS
Exploits0References15
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

FXC AE1021和FXC AE1021PE 操作系统命令注入漏洞

FXC AE1021 and FXC AE1021PE are both products of FXC Corporation.FXC AE1021 is a panel wireless router with integrated RJ-45, RJ-11, and power ports.FXC AE1021PE is a wireless LAN router with support for information egress. An operating system command injection vulnerability exists in the FXC...

7.2CVSS7.9AI score0.01505EPSS
Exploits0References3
Rows per page
Query Builder