
1219 matches found

CVE
added 2025/08/12 6:59 p.m. | 137 views

CVE-2025-25256

Fortinet FortiSIEM contains an OS command injection (CWE-78) vulnerability that allows an unauthenticated attacker to execute arbitrary commands via crafted CLI requests. Affected versions span FortiSIEM 6.1–6.7, 7.0–7.3 (specifically 7.0.0–7.0.3, 7.1.0–7.1.7, 7.2.0–7.2.5, 7.3.0–7.3.1) with fixed...

9.8 CVSS | 8.1 AI score | 0.56192 EPSS
In wild | Exploits 2 | References 4 | Affected Software 1
Japan Vulnerability Notes
added 2025/08/08 5:47 a.m. | 2 views

Multiple vulnerabilities in Mubit Powered BLUE 870

Overview Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-54958 Path traversal CWE-22 - CVE-2025-54959 CVE-2025-54958 Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.3 CVSS | 7.8 AI score | 0.00848 EPSS
Exploits 0 | References 6
RedhatCVE
added 2025/08/06 3:29 p.m. | 10 views

CVE-2025-30098

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...

6.7 CVSS | 7 AI score | 0.0045 EPSS
Exploits 0 | References 1
CNNVD
added 2025/08/06 12:0 a.m. | 3 views

DeepResearchAgent command injection vulnerability

DeepResearchAgent is an open source application from Skywork. DeepResearchAgent has a command injection vulnerability that stems from the incorrect manipulation of parameters in the fromcode/fromdict/frommcp functions in the src/tools/tools.py file, which could lead to os command injection...

6.5 CVSS | 6.8 AI score | 0.02188 EPSS
Exploits 0 | References 5
CNNVD
added 2025/08/06 12:0 a.m. | 3 views

Kenwood DMX958XR operating system command injection vulnerability

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. An operating system command injection vulnerability exists in the Kenwood DMX958XR JKWifiService function, which can be exploited by an attacker to execute code in a root context...

6.8 CVSS | 7.9 AI score | 0.00685 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/08/05 8:58 p.m. | 2 views

CVE-2025-53534 RatPanel can perform remote command execution without authorization

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel including but not limited to weak default paths, brute-force cracking, etc., they can execute system commands or take over hosts managed b...

7.7 CVSS | 7.2 AI score | 0.00596 EPSS
Exploits 0 | References 3
CNNVD
added 2025/08/04 12:0 a.m. | 2 views

Itemir M300 Wi-Fi Repeater security vulnerability

Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in Itemir M300 Wi-Fi Repeater that originates from OS command injection and could lead to full system control...

9.4 CVSS | 7.3 AI score | 0.01106 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2025/07/24 12:45 p.m. | 5 views

CVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

10 CVSS | 5.5 AI score | 0.01536 EPSS
Exploits 0 | References 3
OSV
added 2025/07/21 10:15 a.m. | 1 views

CVE-2025-41673

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

7.2 CVSS | 6.1 AI score | 0.00594 EPSS
Exploits 1 | References 2
CNNVD
added 2025/07/18 12:0 a.m. | 3 views

xxl-job command injection vulnerability

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A command injection vulnerability exists in xxl-job 3.1.1 and earlier versions, which stems from a misuse of the commandJobHandler function leading to os command injection attacks...

8.8 CVSS | 6.8 AI score | 0.05421 EPSS
Exploits 1 | References 5
CNNVD
added 2025/07/15 12:0 a.m. | 4 views

GPT-SoVITS-WebUI command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openslice function, which can be exploited by an attacker to execute arbitrary commands on the system...

9.8 CVSS | 7.9 AI score | 0.03372 EPSS
Exploits 1 | References 6
CISA KEV Catalog
added 2025/07/14 12:0 a.m. | 26 views

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default...

10 CVSS | 8.5 AI score | 0.95343 EPSS
In wild | Exploits 23
CVE
added 2025/07/13 11:44 p.m. | 28 views

CVE-2025-7553

CVE-2025-7553 affects D-Link DIR-818LW firmware up to 20191215. The vulnerability is in the System Time Page, where manipulation of the NTP Server parameter allows os command injection. Exploitation is possible remotely, and the exploit has been disclosed publicly. The issue is associated with de...

7.2 CVSS | 5.5 AI score | 0.04165 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2025/07/06 12:0 a.m. | 3 views

Comodo Internet Security Premium command injection vulnerability

Comodo Internet Security Premium is a suite of computer security software from Comodo, Inc. that focuses on Internet security. A command injection vulnerability exists in Comodo Internet Security Premium version 12.3.4.8162, which stems from incorrect manipulation of the parameter binary/params...

9.2 CVSS | 8.4 AI score | 0.04697 EPSS
Exploits 1 | References 5
Veracode
added 2025/07/01 9:43 a.m. | 3 views

Remote Code Execution (RCE)

org.conductoross, conductor-core is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper access control over Java class execution, which allows attackers to invoke system-level commands...

9.8 CVSS | 7.8 AI score | 0.00599 EPSS
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2025/06/26 12:0 a.m. | 7 views

The vulnerability in the firmware of Edimax EW-7438RPn Mini wireless signal amplifiers arises from the lack of measures taken to neutralize the special elements used in the operating system’s command structure. This allows a hacker to execute arbitrary commands.

The vulnerability in the firmware of Edimax EW-7438RPn Mini wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing for handling the sysCmd parameter. Exploiting this vulnerability allows ...

9.9 CVSS | 5.9 AI score | 0.0347 EPSS
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2025/06/24 1:7 a.m. | 4 views

CVE-2025-34039 Yonyou NC BeanShell Command Injection

A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet bsh.servlet.BshServlet without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This...

10 CVSS | 8.2 AI score | 0.00501 EPSS
Exploits 0 | References 3
CNNVD
added 2025/06/23 12:0 a.m. | 1 views

Materialise OrthoView operating system command injection vulnerability

Materialise OrthoView is an orthopedic planning solution from Materialise UK. An operating system command injection vulnerability exists in Materialise OrthoView 7.5.1 and earlier versions, which stems from vulnerability to OS command injection attacks when servlet sharing is enabled...

8.4 CVSS | 7.4 AI score | 0.01958 EPSS
Exploits 0 | References 2
VulnCheck KEV
added 2025/06/20 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

9.4 CVSS | 6 AI score | 0.0347 EPSS
Exploits 1 | References 1
BDU FSTEC
added 2025/06/20 12:0 a.m. | 5 views

The vulnerability of the SYSTEM FTP-server command of the PCMan FTP Server allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the SYSTEM FTP-server command of the PCMan FTP Server lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...

7.5 CVSS | 8.1 AI score | 0.00565 EPSS
Exploits 1 | References 5 | Affected Software 1