
1208 matches found

Positive Technologies
added 2025/08/19 12:0 a.m. · 3 views

PT-2025-33884 · Unknown · Neurobin Shc

Name of the Vulnerable Software and Affected Versions: neurobin shc versions prior to 4.0.4
Description: A vulnerability exists in neurobin shc up to version 4.0.3. This issue affects the make function within the src/shc.c file of the Filename Handler component. Manipulation of this function can...

CVSS 5.3 · AI score 5.6 · EPSS 0.00114
Exploits 0 · References 9
Vulnrichment
added 2025/08/18 12:0 a.m. · 6 views

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

AI score 8.2 · EPSS 0.02806
Exploits 1 · References 1
NVD
added 2025/08/13 2:15 p.m. · 10 views

CVE-2025-54074

Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can set up a malicious MCP server with compatible OAuth...

CVSS 9.8 · EPSS 0.12611
Exploits 1 · References 2
CNNVD
added 2025/08/13 12:0 a.m. · 1 views

OliveTin security vulnerability

OliveTin is an open source web application. A security vulnerability exists in OliveTin version 2025.4.22, which stems from an OS command injection in the ParseRequestURI function in service/internal/executor/arguments.go...

CVSS 6.5 · AI score 7.2 · EPSS 0.05697
Exploits 2 · References 3
Tenable Nessus
added 2025/08/13 12:0 a.m. · 4 views

Fortinet FortiSIEM OS Command Injection (FG-IR-25-152)

The version of Fortinet FortiSIEM running on the remote server is 5.4.x, 6.1.x, 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x. It is, therefore, affected by an OS command injection vulnerability that can allow a remote unauthenticated attacker to execute unauthorized...

CVSS 9.8 · AI score 6.4 · EPSS 0.51322
Exploits 2 · References 2
OSV
added 2025/08/12 7:15 p.m. · 1 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVSS 6.7 · AI score 5.9
Exploits 0 · References 1
CVE
added 2025/08/12 7:0 p.m. · 20 views

CVE-2025-47857

CVE-2025-47857 describes an OS command injection in Fortinet FortiWeb CLI. Affected are FortiWeb CLI versions 7.6.0–7.6.3 and pre-7.4.8. The root cause is improper neutralization of special elements in CLI commands, enabling a privileged attacker to execute arbitrary code or commands via crafted ...

CVSS 6.7 · AI score 8.1 · EPSS 0.00128
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/08/12 6:59 p.m. · 4 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVSS 6.7 · EPSS 0.00153
Exploits 0 · References 1
Vulnrichment
added 2025/08/12 6:59 p.m. · 4 views

CVE-2025-25256

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute...

CVSS 9.8 · AI score 8.1 · EPSS 0.51322
Exploits 2 · References 1
CVE
added 2025/08/12 6:59 p.m. · 128 views

CVE-2025-25256

Fortinet FortiSIEM contains an OS command injection (CWE-78) vulnerability that allows an unauthenticated attacker to execute arbitrary commands via crafted CLI requests. Affected versions span FortiSIEM 6.1–6.7, 7.0–7.3 (specifically 7.0.0–7.0.3, 7.1.0–7.1.7, 7.2.0–7.2.5, 7.3.0–7.3.1) with fixed...

CVSS 9.8 · AI score 8.1 · EPSS 0.51322
In wild · Exploits 2 · References 4 · Affected Software 1
Japan Vulnerability Notes
added 2025/08/08 5:47 a.m. · 2 views

Multiple vulnerabilities in Mubit Powered BLUE 870

Overview: Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-54958; Path traversal (CWE-22) - CVE-2025-54959. CVE-2025-54958: Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...

CVSS 6.3 · AI score 7.8 · EPSS 0.00979
Exploits 0 · References 6
RedhatCVE
added 2025/08/06 3:29 p.m. · 5 views

CVE-2025-30098

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...

CVSS 6.7 · AI score 7 · EPSS 0.00082
Exploits 0 · References 1
CNNVD
added 2025/08/06 12:0 a.m. · 2 views

DeepResearchAgent command injection vulnerability

DeepResearchAgent is an open source application from Skywork. DeepResearchAgent has a command injection vulnerability that stems from the incorrect manipulation of parameters in the fromcode/fromdict/frommcp functions in the src/tools/tools.py file, which could lead to OS command injection...

CVSS 6.5 · AI score 6.8 · EPSS 0.0115
Exploits 0 · References 5
CNNVD
added 2025/08/06 12:0 a.m. · 1 views

Kenwood DMX958XR OS command injection vulnerability

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. An operating system command injection vulnerability exists in the Kenwood DMX958XR JKWifiService function, which can be exploited by an attacker to execute code in a root context...

CVSS 6.8 · AI score 7.9 · EPSS 0.00298
Exploits 0 · References 1
Vulnrichment
added 2025/08/05 8:58 p.m. · 1 views

CVE-2025-53534 RatPanel can perform remote command execution without authorization

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed b...

CVSS 7.7 · AI score 7.2 · EPSS 0.02299
Exploits 0 · References 3
CNNVD
added 2025/08/04 12:0 a.m. · 1 views

Itemir M300 Wi-Fi Repeater security vulnerability

Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in Itemir M300 Wi-Fi Repeater that originates from OS command injection and could lead to full system control...

CVSS 9.4 · AI score 7.3 · EPSS 0.0059
Exploits 0 · References 3
ATTACKERKB
added 2025/07/24 12:45 p.m. · 4 views

CVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

CVSS 10 · AI score 5.5 · EPSS 0.02323
Exploits 0 · References 3
OSV
added 2025/07/21 10:15 a.m. · 1 views

CVE-2025-41673

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVSS 7.2 · AI score 6.1
Exploits 0 · References 2
CNNVD
added 2025/07/18 12:0 a.m. · 2 views

xxl-job command injection vulnerability

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli (xuxueli). A command injection vulnerability exists in xxl-job 3.1.1 and earlier versions, which stems from a misuse of the commandJobHandler function leading to OS command injection attacks...

CVSS 8.8 · AI score 6.8 · EPSS 0.0356
Exploits 1 · References 5
CNNVD
added 2025/07/15 12:0 a.m. · 2 views

GPT-SoVITS-WebUI command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openslice function, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8 · AI score 7.9 · EPSS 0.04348
Exploits 1 · References 6