Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-43562 | OS Command Injection vulnerability in Adobe ColdFusion 2021/2023/2025: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. | network, low complexity, adobe CWE-78, critical, 9.1 |
| 2025-05-13 | CVE-2025-26389 | A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). | network, low complexity, CWE-78, critical, 10.0 |
| 2025-05-13 | CVE-2025-40582 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). | local, low complexity, CWE-78, 7.8 |
| 2025-05-07 | CVE-2025-20186 | A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This vulnerability is due to insufficient input validation. | network, low complexity, CWE-78, 8.8 |
| 2025-05-07 | CVE-2025-20193 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. | network, low complexity, CWE-78, 6.5 |
| 2025-05-07 | CVE-2025-20194 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. | network, low complexity, CWE-78, 5.4 |
| 2025-05-07 | CVE-2025-20213 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. | local, low complexity, CWE-78, 5.5 |
| 2025-05-02 | CVE-2025-2605 | OS Command Injection vulnerability in Honeywell MB-Secure Firmware and MB-Secure PRO Firmware: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. | network, low complexity, honeywell CWE-78, 8.8 |
| 2025-04-28 | CVE-2022-41871 | OS Command Injection vulnerability in SEPPmail 11.1.10: SEPPmail through 12.1.17 allows command injection within the Admin Portal. | network, low complexity, seppmail CWE-78, 8.8 |
| 2025-04-24 | CVE-2025-1976 | OS Command Injection vulnerability in Broadcom Fabric Operating System: Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | local, low complexity, broadcom CWE-78, 6.7 |