1208 matches found
Edimax BR-6478AC OS Command Injection Vulnerability
Edimax BR-6478AC is a dual-band gigabit router from China Xunzhou Edimax. An OS command injection vulnerability exists in Edimax BR-6478AC version 1.0.15, which stems from a misuse of the parameter sysCmd in the file /boafrm/formSysCmd, which can lead to OS command injection...
CVE-2025-66237
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...
EUVD-2025-199679
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
EUVD-2025-199672
Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...
PT-2025-48141
Name of the Vulnerable Software and Affected Versions: Cursor (affected versions not specified). Description: An improper neutralization of special elements used in an OS command ('command injection') exists in Cursor. This allows an unauthorized attacker to execute commands that are outside of those...
CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...
CVE-2025-13442
The CVE affects UTT 进取 750W firmware up to 3.2.2-191225. The vulnerability is in the system() call within /goform/formPdbUpConfig, where improper handling of the policyNames argument allows remote command injection. Attackers could exploit this remotely; the vulnerability has public exploit discl...
CVE-2025-13442 UTT 进取 750W formPdbUpConfig system command injection
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...
PT-2025-47590
Name of the Vulnerable Software and Affected Versions: BASIS BBj versions prior to 25.00. Description: BASIS BBj versions prior to 25.00 have a Jetty-served web endpoint that does not properly validate or canonicalize input path segments. This allows unauthenticated directory traversal, potentially...
EUVD-2025-197852
CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...
CVE-2025-13284
CVE-2025-13284 affects ThinPLUS OS, with an OS Command Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary commands and execute them on the server. The issue is documented across multiple feeds (Red Hat CVE, NVD, CNVD, etc.) with CVSSv3.1/4.0 CRITICAL and full...
PT-2025-47179
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...
EUVD-2021-34721
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed with root privileges. A remote, unauthenticated attacker can supply crafted values to...
EUVD-2025-175310
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary, specifically in the sub40BFA4 function that handles network interface reinitialization from '/var/system/linuxvlanreinit'. Input is only partially validated by checking...
PT-2025-46902
Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG Router firmware versions V5.9c.4592 B20191022 ALL. Description: A command injection issue exists in the TOTOLINK A950RG Router firmware. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar...
CVE-2025-60676
The CVE-2025-60676 entry concerns the D-Link DIR-878A1 router, firmware FW101B04.bin. Technical details across multiple connected sources confirm an unauthenticated command-injection in prog.cgi SetNetworkSettings, where IPAddress and SubnetMask are directly concatenated into shell commands execu...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...
CVE-2025-46423
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...
CVE-2025-43942
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
CVE-2025-46422
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...