2025-02-26 | CVE-2025-20161 | A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. | 5.1 |
2025-02-14 | CVE-2024-55904 | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | 7.2 |
2025-02-11 | CVE-2024-47908 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance. OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
2025-02-06 | CVE-2024-51450 | IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. (network, low complexity, CWE-78, critical) | 9.1 |
2025-02-04 | CVE-2024-40890 | OS Command Injection vulnerability in Zyxel products. **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request. | 8.8 |
2025-02-04 | CVE-2024-40891 | OS Command Injection vulnerability in Zyxel products. **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet. | 8.8 |
2025-01-27 | CVE-2025-22604 | OS Command Injection vulnerability in Cacti. Cacti is an open source performance and fault management framework. | 7.2 |
2025-01-16 | CVE-2025-0457 | The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |
2025-01-15 | CVE-2024-57011 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313. TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. | 8.8 |
2025-01-15 | CVE-2024-57012 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313. TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | 8.8 |