CVE-2025-34055

The CVE-2025-34055 issue affects AVTECH AVTECH IP cameras, DVRs, and NVRs exposing the adcommand.cgi endpoint that talks to the ActionD daemon. Authenticated users can call DoShellCmd and pass arbitrary input via strCmd; this input is executed by the system shell without sanitation, allowing comm...

CVE-2025-34054

AVTECH DVR devices are affected by CVE-2025-34054, an unauthenticated command injection via Search.cgi?action=cgi_query. The vulnerability stems from using wget without input sanitization, allowing an attacker to inject shell commands through the username or queryb64str parameters and execute the...

CVE-2025-5459 OS Command Injection

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...

PT-2025-26943 · Puppet · Puppet Enterprise

Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions 2018.1.8 through 2023.8.3 Puppet Enterprise version 2025.3 Description: A user with specific node group editing permissions and a specially crafted class parameter could execute commands as root on the primary host...

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

CVE-2023-33869

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models...

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...

CVE-2021-45840

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending specifically crafted input to /tos/index.php?app/appstartstop...

CVE-2020-16204

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W all versions...

CVE-2018-20162

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...

CVE-2025-20256

A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...

CVE-2025-20256

A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...

CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC In AV over IP products v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges...

CVE-2025-43595 MSP360 Backup (for Linux) insecure filesystem permissions

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 released on 2025-04-22...

PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...

CVE-2025-29987

Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root...

Security Bulletin: Vulnerability in OpenPrinting CUPS affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in OpenPrinting CUPS has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...

CVE-2025-20117

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due t...

Azure Linux 3.0 Security Update: cups (CVE-2024-35235)

The version of cups installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35235 advisory. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versio...