413 matches found
CVE-2025-56129
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...
PT-2025-50683
Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...
CVE-2025-56089
OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
PT-2025-50680
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR860 affected versions not specified Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the...
PT-2025-50652
Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw triggered by a crafted POST request to the chec...
CVE-2025-56088
CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...
CVE-2025-56083
CVE-2025-56083 affects Ruijie X30-PRO with version X30-PRO-V1_09241521. The vulnerability is an OS Command Injection in the Lua file path /usr/local/lua/dev_sta/nbr_networkId_merge.lua, where unvalidated input to the module_set parameter can allow an attacker to execute arbitrary commands via a c...
CVE-2025-53949
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...
CVE-2025-14204
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
EUVD-2025-199679
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
EUVD-2025-199672
Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...
CVE-2025-13442
The CVE affects UTT 进取 750W firmware up to 3.2.2-191225. The vulnerability is in the system() call within /goform/formPdbUpConfig, where improper handling of the policyNames argument allows remote command injection. Attackers could exploit this remotely; the vulnerability has public exploit discl...
CVE-2025-13442 UTT 进取 750W formPdbUpConfig system command injection
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...
CVE-2025-13284
CVE-2025-13284 affects ThinPLUS OS, with an OS Command Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary commands and execute them on the server. The issue is documented across multiple feeds (Red Hat CVE, NVD, CNVD, etc.) with CVSSv3.1/4.0 CRITICAL and full...
PT-2025-47179
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system OS commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...
CVE-2025-46423
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...
CVE-2025-46422
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...
CVE-2025-43942
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
CVE-2025-43941
Dell Unity, versions 5.5 and Prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This...