Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,954)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25579 1Totolink 1A3002r Firmware Apr 7, 2025 Mar 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
CVE-2025-28256 1Totolink 1A3100r Firmware Apr 14, 2025 Mar 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
CVE-2025-28219 1Netgear 1Dc112a Firmware May 2, 2025 Mar 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.
CVE-2025-24386 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.Show less
CVE-2025-24385 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.Show less
CVE-2025-24380 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.Show less
CVE-2025-24379 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.Show less
CVE-2025-24378 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.Show less
CVE-2025-24377 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.Show less
CVE-2025-23383 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.Show less
CVE-2024-49601 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potential...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.Show less
CVE-2025-24383 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potential...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.Show less
CVE-2025-24382 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potential...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.Show less
CVE-2025-22398 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potential...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.Show less
CVE-2024-49565 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.Show less
CVE-2024-49564 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.Show less
CVE-2024-49563 1Dell 1Unity Operating Environment Jul 8, 2025 Mar 28, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially...Show more Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.Show less
CVE-2025-28138 1Totolink 1A800r Firmware Apr 15, 2025 Mar 27, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVE-2025-2257 1Boldgrid 1Total Upkeep May 22, 2025 Mar 26, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. T...Show more The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.Show less
CVE-2025-2733 - - Mar 27, 2025 Mar 25, 2025 5.3 MEDIUM· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads...Show more A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...838485...298 Next