CVE-2024-55904

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially craft...

CVE-2024-33529

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types...

PT-2025-6721 · Ibm · Ibm Devops Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through...

CVE-2025-25067

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands...

CVE-2025-25067 mySCADA myPRO Manager OS Command Injection

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands...

CVE-2023-47218

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

The vulnerability of the formSetSambaConf function in the Tenda AC18 router microprogramming system allows a attacker to execute arbitrary commands.

The vulnerability of the formSetSambaConf function in the Tenda AC18 router microprogramming system exists due to the lack of measures taken to neutralize special elements during the processing of the usbName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the Web Inspector tool for checking web pages on operating systems like iOS, iPadOS, macOS, and the Safari browser allows attackers to execute arbitrary commands.

The vulnerability of the Web Inspector tool for checking web pages on operating systems like iOS, iPadOS, macOS, and the Safari browser is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVE-2025-25527

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.34b12 due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...

CVE-2025-25525

Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

PT-2025-11122

Name of the Vulnerable Software and Affected Versions Satellite Management Controller SMC affected versions not specified Description Insufficient input validation in the Satellite Management Controller SMC could allow an attacker with certain privileges to utilize specific special characters...

CVE-2025-25525

Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

The vulnerability of the LoadMaster application deployment and management platform lies in its lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.

The vulnerability of the LoadMaster application deployment and management platform lies in the lack of measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Cisco Identity Services Engine Code Issue Vulnerability (CNVD-2025-03531)

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has a code issue vulnerability that can be exploited by a remote attacker to submit a special request that can execute arbitrary commands with elevated...

CVE-2025-24505

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file...

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in Cisco Identity Services Engine ISE. The vulnerabilities are in the API of Cisco ISE, which allows an authenticated remote malicious person to execute arbitrary commands as the root user through insecure deserialization of Java byte streams. All of these...

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

CVE-2021-26607

An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems...

CVE-2021-35029

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected devi...

CVE-2016-6918

Lexmark Markvision Enterprise MVE before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files...