34 matches found
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18582)
Dell PowerProtect Data Domain is a data protection and backup storage product for enterprise-class data backup, deduplication and disaster recovery. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly hand...
CVE-2025-67035
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...
CVE-2025-67035
CVE-2025-67035 affects Lantronix EDS5000 (2.1.0.0R3). The SSH Client and SSH Server pages are vulnerable due to insufficient sanitization of input parameters, enabling an attacker to inject arbitrary commands in delete actions of objects like server keys, users, and known hosts. Commands are exec...
CVE-2025-67035
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
SSP ASSIGNMENT 3 : CVE poc Exploitation of CVE-2017-5638...
reNgine OS Command Injection Vulnerability
reNgine is an automated reconnaissance framework for web applications from the individual developer Yogesh Ojha. Focused on a highly configurable streamlined reconnaissance process supported by an engine, reconnaissance data correlation and organization, continuous monitoring, supported by a...
EUVD-2023-0761
Malicious code in bioql PyPI...
EUVD-2023-43982
Malicious code in bioql PyPI...
EUVD-2022-52273
Malicious code in bioql PyPI...
GO-2025-3954 Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh
Chaos Controller Manager is vulnerable to OS command injection in github.com/chaos-mesh/chaos-mesh. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Wago CODESYS V2 Runtime System OS Command Injection (CVE-2021-30187)
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2022-30329
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands...
PHP OS Command Injection Vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.29, prior to 8.2.20, and prior to 8.3.8, which stems from a misconfiguration when using a Windows code page with a non-standard configuration that points to the OEM...
JVN#23771490: Multiple vulnerabilities in BUFFALO VR-S1000
VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below.

OS command injection CWE-78 - CVE-2023-45741

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8
CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P| Base Score: 5.2

Argument...
CVE-2023-3313
CVE-2023-3313 pertains to an OS command injection in the Trellix Enterprise Security Manager (ESM) certificate API, caused by insufficient neutralization of special elements. The vulnerability could let an unauthorized user with local access execute system commands, potentially escalating privile...
CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
Design/Logic Flaw
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
CVE-2023-25313
The CVE-2023-25313 entry relates to an OS command-injection vulnerability in WWBN AVideo prior to version 12.4. The flaw is triggered via the video link field in the Embed a video link feature, allowing arbitrary code execution on affected installations. Public references consistently describe an...
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...