CVE-2024-54018
CVE-2024-54018 affects Fortinet FortiSandbox prior to 4.4.5, where improper neutralization of special elements in OS commands (CWE-78) allows a privileged attacker to execute unauthorized commands via crafted requests. Impact per provided data includes high confidentiality, integrity, and availab...
CVE-2025-22368 Mennekes Smart/Premium charging systems, command injection in SCU firmware update
The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS...
CVE-2025-25528
Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands without any...
CVE-2021-26106
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
CVE-2024-4638
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...
CVE-2024-4639
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands...
CVE-2024-53688
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...
PT-2025-23506 · Qualcomm · Qualcomm Chipsets
Name of the Vulnerable Software and Affected Versions: Qualcomm Multiple Chipsets (affected versions not specified); NVIDIA GPU (affected versions not specified). Description: The issue is related to memory corruption due to unauthorized command execution in the GPU micronode while executing a specific...
PT-2025-23468
Name of the Vulnerable Software and Affected Versions: Qualcomm chipsets (affected versions not specified); Meta Quest 3 and 3S (versions August 7, 2025 and earlier); Samsung S23 (affected versions not specified). Description: A flaw exists in the Qualcomm Adreno GPU firmware that allows unauthorized comman...
CVE-2025-23052
CVE-2025-23052 describes an authenticated command injection vulnerability in the CLI of Hewlett Packard Enterprise ArubaOS network management service. The issue allows an authenticated attacker with high privileges to execute arbitrary commands as the underlying OS user. The initial documents ind...
CVE-2025-23052 Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...
CVE-2023-37936
Use of a hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via crafted requests...
Fortinet FortiWeb OS command injection due to unsafe input validation function (FG-IR-21-166)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-166 advisory. - An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4....
Permissive Regular Expression
github.com/facebookincubator/tacquito is vulnerable to Permissive Regular Expression. The vulnerability is due to permissive regex matching where the system matches sub-strings instead of the entire string for authorized commands and arguments. This could allow unauthorized commands to be execute...
CVE-2024-49399
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information...
CVE-2024-9137
CVE-2024-9137 describes a missing authentication check in the Moxa service that processes commands, enabling an attacker to trigger command execution and potentially download or upload configuration files, affecting devices using the Moxa service. The CVE is documented with high CVSS scores (4.0/...
MOXA Service Security Vulnerability
MOXA Service is a hardware device infrastructure service from MOXA of China. A security vulnerability exists in MOXA Service, which stems from a lack of authentication during command sending and could allow an attacker to execute specific commands, resulting in unauthorized configuration file...
CVE-2024-7700
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing...