Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,953)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-20186 1Cisco 1Ios Xe Jul 11, 2025 May 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a comman...Show more A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with privilege level 15. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a lobby ambassador account. This account is not configured by default.Show less
CVE-2025-45491 1Linksys 1E5600 Firmware May 13, 2025 May 6, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter.
CVE-2025-45042 1Tenda 1Ac9 Firmware May 7, 2025 May 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
CVE-2025-2605 1Honeywell 2Mb Secure Firmware Mb Secure Pro Firmware May 17, 2025 May 2, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secur...Show more Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product.Show less
CVE-2024-6032 1Tesla 1Model S Firmware Aug 12, 2025 Apr 30, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the...Show more Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The specific flaw exists within the ql_atfwd process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code on the target modem in the context of root. Was ZDI-CAN-23201.Show less
CVE-2025-24351 - - May 2, 2025 Apr 30, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafte...Show more A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.Show less
CVE-2025-4032 1Inclusionai 1Aworld May 10, 2025 Apr 28, 2025 2.3 LOW· v4 8.1 HIGH· v3 4.6 MEDIUM· v2 A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/vir...Show more A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/terminals/shell_tool.py. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.Show less
CVE-2022-41871 1Seppmail 1Seppmail May 14, 2025 Apr 28, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
CVE-2025-46272 - - Apr 29, 2025 Apr 24, 2025 9.3 CRITICAL· v4 9.1 CRITICAL· v3 N/A· v2 WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.
CVE-2025-46271 - - Apr 29, 2025 Apr 24, 2025 9.3 CRITICAL· v4 9.1 CRITICAL· v3 N/A· v2 UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.
CVE-2025-43858 - - Apr 29, 2025 Apr 24, 2025 N/A· v4 9.2 CRITICAL· v3 N/A· v2 YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious co...Show more YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.Show less
CVE-2025-1976 1Broadcom 1Fabric Operating System Oct 24, 2025 Apr 24, 2025 8.6 HIGH· v4 6.7 MEDIUM· v3 N/A· v2 Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1...Show more Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.Show less
CVE-2025-2773 1Bectechnologies 1Router Firmware Aug 21, 2025 Apr 23, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multipl...Show more BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903.Show less
CVE-2025-28039 1Totolink 1Ex1200t Firmware Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter.
CVE-2025-28038 1Totolink 1Ex1200t Firmware Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter.
CVE-2025-28036 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVE-2025-28035 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVE-2025-28037 1Totolink 2A810r Firmware A950rg Firmware Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.
CVE-2025-28034 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain...Show more TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.Show less
CVE-2025-43920 1Gnu 1Mailman Apr 28, 2025 Apr 20, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE:...Show more GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.Show less

Previous 1...808182...298 Next