81 matches found
CVE-2019-20215
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...
EUVD-2021-12937
Malware in sbrugna...
EUVD-2024-54238
Malicious code in bioql PyPI...
EUVD-2022-33471
Malicious code in bioql PyPI...
EUVD-2022-36908
Malicious code in bioql PyPI...
EUVD-2021-8822
Malicious code in bioql PyPI...
EUVD-2023-31725
Malicious code in bioql PyPI...
EUVD-2022-36909
Malicious code in bioql PyPI...
EUVD-2024-24971
Malicious code in bioql PyPI...
CVE-2025-41675
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...
PT-2025-28143 · Frauscher · Fds102
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command while uploading a config file via...
CVE-2024-27778
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....
CVE-2022-29592
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via setroute called by doSystemCmdroute...
CVE-2025-24380
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
CVE-2024-52961
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...
CVE-2024-52961
CVE-2024-52961 affects Fortinet FortiSandbox OS command handling. Affected are FortiSandbox versions 3.0–5.0.0 (various 3.x and 4.x releases; 5.0.0 cited). The vulnerability is due to improper neutralization of specific elements used in an OS command, allowing an authenticated attacker with read-...
CVE-2025-22630
CVE-2025-22630 concerns the WordPress plugin Widget Options. The vulnerability is a Command Injection (improper neutralization of special elements) that allows OS Command Injection and potentially Arbitrary Code Execution. Affected software: Widget Options versions
CVE-2022-22301
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...
CVE-2024-39763
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...