CVE-2023-51022

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi...

CVE-2022-27489

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

CVE-2019-15418

The Asus ASUSX00K1 Android device with a build fingerprint of asus/CNX00K/ASUSX00K1:7.0/NRD90M/CNX00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=5, versionName=5.0.1 that allows unauthorized command...

CVE-2019-15351

The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

CVE-2019-6810

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module all firmware versions, which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol...

CVE-2019-15708

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...

CVE-2019-15710

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...

CVE-2019-15419

The Asus ASUSX0151 Android device with a build fingerprint of asus/CNX015/ASUSX0151:7.0/NRD90M/CNX015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=5, versionName=5.0.1 that allows unauthorized command...

CVE-2025-47948

Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized...

PT-2025-20703 · Sudo-Rs · Sudo-Rs

Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6 Description: The issue allows users with limited or no sudo privileges to determine the existence of files in folders they cannot access using the sudo --list command. This can reveal sensitive information in...

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub41105C function of cstecgi .cgi...

CVE-2025-26268

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service daemon crash via a crafted Redis command. The validity of the scan cursor was not checked...

CVE-2025-26003

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest...

CVE-2025-26003

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest...

Telesquare TLR-2005Ksh 安全漏洞

The Telesquare TLR-2005Ksh is a wireless router from the South Korean company Telesquare. A security vulnerability exists in Telesquare TLR-2005Ksh version 1.1.4, which originates from unauthorized command execution when requesting the admin.cgi parameter setAutorest...

CVE-2025-26003

CVE-2025-26003 affects Telesquare TLR-2005KSH 1.1.4. The vulnerability is an unauthorized command execution that occurs when requesting the admin.cgi parameter with setAutorest. The provided materials indicate a high-severity issue (CVSS 3.1: 9.8, Network ||/ Low attack complexity, no privileges ...

CVE-2025-1960

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...

CVE-2025-1960

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...

CVE-2024-54018

Multiple improper neutralization of special elements used in an OS Command vulnerabilities CWE-78 in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests...