Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2024-41788 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-78
critical
 9.1
9.1
2025-04-08 CVE-2024-41789 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-78
critical
 9.1
9.1
2025-04-08 CVE-2024-41790 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-78
critical
 9.1
9.1
2025-04-08 CVE-2025-3361 The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
network
low complexity
CWE-78
critical
 9.8
9.8
2025-04-08 CVE-2025-3362 The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
network
low complexity
CWE-78
critical
 9.8
9.8
2025-04-08 CVE-2025-3363 The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
network
low complexity
CWE-78
critical
 9.8
9.8
2025-03-26 CVE-2025-2257 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting.
network
low complexity
CWE-78
7.2
7.2
2025-03-24 CVE-2025-0255 OS Command Injection vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
network
low complexity
hcltechsw CWE-78
7.2
7.2
2025-03-20 CVE-2025-0655 OS Command Injection vulnerability in MAN D-Tale 3.15.1
A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments.
network
low complexity
man CWE-78
critical
 9.8
9.8
2025-03-12 CVE-2025-20138 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands.
local
low complexity
CWE-78
8.8
8.8