Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-26
CVE-2025-2257
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting.
network
low complexity
CWE-78
7.2
7.2
2025-03-12
CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands.
local
low complexity
CWE-78
8.8
8.8
2025-03-11
CVE-2025-27392
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
7.2
7.2
2025-03-11
CVE-2025-27393
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
7.2
7.2
2025-03-11
CVE-2025-27394
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
7.2
7.2
2025-03-11
CVE-2025-27398
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
2.7
2.7
2025-03-11
CVE-2024-11253
A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2
7.2
2025-03-11
CVE-2024-12009
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2
7.2
2025-03-11
CVE-2024-12010
A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2
7.2
2025-03-05
CVE-2025-1316
OS Command Injection vulnerability in Edimax IC-7100 Firmware
Edimax IC-7100 does not properly neutralize requests.
network
low complexity
edimax
CWE-78
critical
9.8
9.8