Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-04-20 CVE-2025-43920 OS Command Injection vulnerability in GNU Mailman
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.
network
high complexity
gnu CWE-78
8.1
2025-04-16 CVE-2025-3729 OS Command Injection vulnerability in Senior-Walter Web-Based Pharmacy Product Management System 1.0
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.
network
low complexity
senior-walter CWE-78
critical
9.8
2025-04-08 CVE-2024-41788 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-78
critical
9.1
2025-04-08 CVE-2024-41789 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-78
critical
9.1
2025-04-08 CVE-2024-41790 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-78
critical
9.1
2025-04-08 CVE-2025-3361 The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
network
low complexity
CWE-78
critical
9.8
2025-04-08 CVE-2025-3362 The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
network
low complexity
CWE-78
critical
9.8
2025-04-08 CVE-2025-3363 The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
network
low complexity
CWE-78
critical
9.8
2025-03-26 CVE-2025-2257 The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting.
network
low complexity
CWE-78
7.2
2025-03-24 CVE-2025-0255 OS Command Injection vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
network
low complexity
hcltechsw CWE-78
7.2