Total
5395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12641 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2025-11-04 | 9.8 Critical |
| rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | ||||
| CVE-2025-62801 | 2 Fastmcp, Jlowin | 2 Fastmcp, Fastmcp | 2025-11-04 | 7.8 High |
| FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0. | ||||
| CVE-2024-8926 | 1 Php | 1 Php | 2025-11-03 | 8.1 High |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | ||||
| CVE-2024-28138 | 2025-11-03 | 7.3 High | ||
| An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. | ||||
| CVE-2024-28027 | 2 Mc-technologies, Mc Technologies | 3 Mc Lr Router, Mc Lr Router Firmware, Mc Lr Router | 2025-11-03 | 7.2 High |
| Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`. | ||||
| CVE-2024-28026 | 2 Mc-technologies, Mc Technologies | 3 Mc Lr Router, Mc Lr Router Firmware, Mc Lr Router | 2025-11-03 | 7.2 High |
| Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`. int out_ret = sscanf(current_param->key, "out%u", &io_idx); if (out_ret == 1 && io_idx == 1) { // [4] Similar to `3`, but `out1` instead of `btn1` if (asprintf(&command, "/usr/sbin/vout %s %u vo_manual", current_param->value, 1) > 0) { system(command); return -1; } } | ||||
| CVE-2024-28025 | 2 Mc-technologies, Mc Technologies | 3 Mc Lr Router, Mc Lr Router Firmware, Mc Lr Router | 2025-11-03 | 7.2 High |
| Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`. | ||||
| CVE-2024-11003 | 1 Needrestart Project | 1 Needrestart | 2025-11-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps. | ||||
| CVE-2024-10224 | 4 Debian, Module Scandeps, Redhat and 1 more | 4 Debian Linux, Needrestart, Enterprise Linux and 1 more | 2025-11-03 | 5.3 Medium |
| Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). | ||||
| CVE-2023-37903 | 2 Redhat, Vm2 Project | 3 Acm, Multicluster Engine, Vm2 | 2025-11-03 | 9.8 Critical |
| vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software. | ||||
| CVE-2025-22604 | 1 Cacti | 1 Cacti | 2025-11-03 | 9.1 Critical |
| Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29. | ||||
| CVE-2023-28617 | 2 Gnu, Redhat | 6 Org Mode, Enterprise Linux, Rhel Aus and 3 more | 2025-11-03 | 7.8 High |
| org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | ||||
| CVE-2021-3621 | 2 Fedoraproject, Redhat | 10 Fedora, Sssd, Enterprise Linux and 7 more | 2025-11-03 | 8.8 High |
| A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2025-50121 | 2025-11-03 | N/A | ||
| A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default. | ||||
| CVE-2025-47780 | 2 Asterisk, Sangoma | 4 Asterisk, Certified Asterisk, Asterisk and 1 more | 2025-11-03 | 7.8 High |
| Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. | ||||
| CVE-2025-44961 | 1 Commscope | 31 Ruckus C110, Ruckus E510, Ruckus H320 and 28 more | 2025-11-03 | 9.9 Critical |
| In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. | ||||
| CVE-2025-44960 | 2 Commscope, Ruckus | 32 Ruckus C110, Ruckus E510, Ruckus H320 and 29 more | 2025-11-03 | 8.5 High |
| RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. | ||||
| CVE-2025-27804 | 2025-11-03 | 6.5 Medium | ||
| Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions. | ||||
| CVE-2024-4577 | 4 Fedoraproject, Microsoft, Php and 1 more | 4 Fedora, Windows, Php and 1 more | 2025-11-03 | 9.8 Critical |
| In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | ||||
| CVE-2023-25279 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-11-03 | 9.8 Critical |
| OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | ||||