Vulnerabilities (CVE)

Filtered by CWE-78
Total 4689 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-36567 1 Dell 1 Data Domain Operating System 2025-10-14 N/A 6.7 MEDIUM
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.
CVE-2025-59834 1 Srmorete 1 Adb Mcp Server 2025-10-14 N/A 9.8 CRITICAL
ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
CVE-2025-34227 1 Nagios 1 Nagios Xi 2025-10-14 N/A 8.8 HIGH
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.
CVE-2025-52906 1 Totolink 2 X6000r, X6000r Firmware 2025-10-14 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVE-2016-15047 2025-10-14 N/A N/A
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.
CVE-2025-60006 2025-10-14 N/A 5.3 MEDIUM
Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker executes crafted CLI commands, the options are processed via a script in some cases. These scripts are not hardened so injected commands might be executed via the shell, which allows an attacker to perform operations, which they should not be able to do according to their assigned permissions. This issue affects Junos OS Evolved: * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO. This issue does not affect Junos OS Evolved versions earlier than 24.2R1-EVO.
CVE-2025-0636 2025-10-14 N/A 8.4 HIGH
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
CVE-2025-9976 2025-10-14 N/A 9.0 CRITICAL
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.
CVE-2025-5459 1 Puppet 1 Puppet Enterprise 2025-10-14 N/A 8.8 HIGH
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
CVE-2025-59361 1 Chaos-mesh 1 Chaos Mesh 2025-10-14 N/A 9.8 CRITICAL
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
CVE-2025-59360 1 Chaos-mesh 1 Chaos Mesh 2025-10-14 N/A 9.8 CRITICAL
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
CVE-2025-59359 1 Chaos-mesh 1 Chaos Mesh 2025-10-14 N/A 9.8 CRITICAL
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
CVE-2024-10035 1 Bg-tek 1 Coslat 2025-10-14 N/A 9.8 CRITICAL
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.
CVE-2025-56819 1 Running-elephant 1 Datart 2025-10-10 N/A 9.8 CRITICAL
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
CVE-2025-11138 1 Wenkucms Project 1 Wenkucms 2025-10-10 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in OS command injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2025-60959 1 Endruntechnologies 2 Sonoma D12, Sonoma D12 Firmware 2025-10-10 N/A 8.2 HIGH
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.
CVE-2025-60957 1 Endruntechnologies 2 Sonoma D12, Sonoma D12 Firmware 2025-10-10 N/A 9.9 CRITICAL
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
CVE-2025-60960 1 Endruntechnologies 2 Sonoma D12, Sonoma D12 Firmware 2025-10-10 N/A 8.2 HIGH
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
CVE-2025-60962 1 Endruntechnologies 2 Sonoma D12, Sonoma D12 Firmware 2025-10-10 N/A 8.2 HIGH
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
CVE-2025-60963 1 Endruntechnologies 2 Sonoma D12, Sonoma D12 Firmware 2025-10-10 N/A 8.2 HIGH
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.