Lucene search
+L

413 matches found

Cvelist
Cvelist
added 2025/12/11 12:0 a.m.30 views

CVE-2025-56129

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...

0.02398EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.12 views

PT-2025-50683

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...

8.8CVSS7AI score0.02769EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.37 views

CVE-2025-56089

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

0.02578EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50680

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR860 affected versions not specified Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the...

8.8CVSS7.3AI score0.02769EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50652

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw triggered by a crafted POST request to the chec...

8.8CVSS7.2AI score0.02157EPSS
Exploits0References6
CVE
CVE
added 2025/12/11 12:0 a.m.15 views

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

8.8CVSS7.5AI score0.03241EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/12/11 12:0 a.m.16 views

CVE-2025-56083

CVE-2025-56083 affects Ruijie X30-PRO with version X30-PRO-V1_09241521. The vulnerability is an OS Command Injection in the Lua file path /usr/local/lua/dev_sta/nbr_networkId_merge.lua, where unvalidated input to the module_set parameter can allow an attacker to execute arbitrary commands via a c...

8.8CVSS7.5AI score0.01815EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/09 6:15 p.m.6 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

8.8CVSS6AI score0.15797EPSS
Exploits0References1
NVD
NVD
added 2025/12/07 11:15 p.m.6 views

CVE-2025-14204

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS0.012EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/26 3:30 a.m.5 views

EUVD-2025-199679

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS8.2AI score0.02135EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/26 12:49 a.m.8 views

EUVD-2025-199672

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

9.9CVSS8.3AI score0.02135EPSS
Exploits1References2
CVE
CVE
added 2025/11/20 1:32 a.m.20 views

CVE-2025-13442

The CVE affects UTT 进取 750W firmware up to 3.2.2-191225. The vulnerability is in the system() call within /goform/formPdbUpConfig, where improper handling of the policyNames argument allows remote command injection. Attackers could exploit this remotely; the vulnerability has public exploit discl...

9.8CVSS7.3AI score0.19544EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/20 1:32 a.m.2 views

CVE-2025-13442 UTT 进取 750W formPdbUpConfig system command injection

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...

7.5CVSS7.3AI score0.19544EPSS
Exploits1References4
CVE
CVE
added 2025/11/17 3:37 a.m.17 views

CVE-2025-13284

CVE-2025-13284 affects ThinPLUS OS, with an OS Command Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary commands and execute them on the server. The issue is documented across multiple feeds (Red Hat CVE, NVD, CNVD, etc.) with CVSSv3.1/4.0 CRITICAL and full...

9.8CVSS7.5AI score0.01809EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.15 views

PT-2025-47179

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...

6.8CVSS7AI score0.00852EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/11/04 2:24 p.m.10 views

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system OS commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...

9.8CVSS8.2AI score0.62378EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/10/31 3:11 p.m.8 views

CVE-2025-46423

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...

7.8CVSS7.2AI score0.00518EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 3:15 p.m.2 views

CVE-2025-46422

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...

7.8CVSS6AI score0.00518EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 3:15 p.m.5 views

CVE-2025-43942

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

7.8CVSS6AI score0.00598EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 1:57 p.m.3 views

CVE-2025-43941

Dell Unity, versions 5.5 and Prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This...

7.2CVSS6.7AI score0.00719EPSS
Exploits0References1
Rows per page
Query Builder