CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

EUVD-2025-34219

Two improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allows a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests...

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

EUVD-2025-34212

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-10242

CVE-2025-10242 affects Ivanti Endpoint Manager Mobile (EPMM) via an OS command injection vulnerability in the admin panel. The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution. Affected versions are Ivanti EPMM before 12.6.0.2, 12.5.0.x before 12...

CVE-2025-9067

A security issue exists within the x86 Microsoft Installer File MSI, installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges...

EUVD-2025-34181

A security issue exists within the x86 Microsoft Installer File MSI, installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges...

CVE-2025-9067 Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities

A security issue exists within the x86 Microsoft Installer File MSI, installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges...

Ivanti EPMM 操作系统命令注入漏洞

Ivanti EPMM is a product from Ivanti USA that enables IT departments to set policies for mobile devices, applications and content. An operating system command injection vulnerability exists in Ivanti EPMM versions prior to 12.6.0.2, 12.5.0.4, and 12.4.0.4, which stems from the presence of OS...

PT-2025-41927

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.0.2 Ivanti EPMM versions prior to 12.5.0.4 Ivanti EPMM versions prior to 12.4.0.4 Description A flaw exists in the admin panel of Ivanti EPMM that allows a remote authenticated attacker with admin privileges ...

CVE-2025-11665 D-Link DAP-2695 Firmware Update rgbin fwupdater_main os command injection

A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdatermain of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products th...

PT-2025-41757

Name of the Vulnerable Software and Affected Versions Ericsson RAN Compute and Site Controller affected versions not specified Description The software contains a high severity issue where improper neutralization of special elements used in an OS command could be exploited, potentially leading to...

VulnCheck KEV: CVE-2022-37129

D-Link DIR-816 A2v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte4836B0 by snprintf, and finally doSystem&byte4836B0; will be executed, resulting in a command injection...

CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

CVE-2025-60964

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts...

CVE-2025-43906

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralizatio...

EUVD-2010-0740

Malware in sbrugna...

EUVD-2012-3457

Malware in sbrugna...

EUVD-2019-7563

Malware in sbrugna...

EUVD-2018-5268

Malware in sbrugna...