Total
4869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24383 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 9.1 CRITICAL |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-49601 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.3 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |||||
| CVE-2025-23383 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2025-24377 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. | |||||
| CVE-2025-24378 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2025-24379 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2025-24380 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2025-24385 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. | |||||
| CVE-2025-24386 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2024-49563 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | N/A | 7.8 HIGH |
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges. | |||||
| CVE-2025-34082 | 2025-07-08 | N/A | N/A | ||
| A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. NOTE: IGEL OS v10.x has reached end-of-life (EOL) status. | |||||
| CVE-2025-47228 | 2025-07-08 | N/A | 6.7 MEDIUM | ||
| In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests. | |||||
| CVE-2025-48501 | 2025-07-08 | N/A | 9.8 CRITICAL | ||
| An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running. | |||||
| CVE-2025-7145 | 2025-07-08 | N/A | 7.2 HIGH | ||
| ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host. | |||||
| CVE-2025-3705 | 2025-07-08 | N/A | 6.8 MEDIUM | ||
| A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive. | |||||
| CVE-2025-3626 | 2025-07-08 | N/A | 9.1 CRITICAL | ||
| A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI. | |||||
| CVE-2012-5863 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | 10.0 HIGH | N/A |
| These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system. | |||||
| CVE-2023-51572 | 1 Voltronicpower | 1 Viewpower | 2025-07-07 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMacAddressByIP function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21163. | |||||
| CVE-2025-26320 | 1 T0mer | 1 Broadlinkmanager | 2025-07-07 | N/A | 6.5 MEDIUM |
| t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. | |||||
| CVE-2022-40847 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 7.8 HIGH |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. | |||||