Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2025-03-24 CVE-2025-0255 OS Command Injection vulnerability in Hcltechsw HCL Devops Deploy and HCL Launch
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
network
low complexity
hcltechsw CWE-78
7.2
2025-03-20 CVE-2024-9053 OS Command Injection vulnerability in Vllm-Project Vllm 0.6.0
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints.
network
low complexity
vllm-project CWE-78
critical
9.8
2025-03-20 CVE-2025-0655 OS Command Injection vulnerability in MAN D-Tale 3.15.1
A vulnerability in man-group/dtale version 3.15.1 allows an attacker to override global state settings to enable the `enable_custom_filters` feature, which is typically restricted to trusted environments.
network
low complexity
man CWE-78
critical
9.8
2025-03-12 CVE-2025-20138 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands.
local
low complexity
CWE-78
8.8
2025-03-11 CVE-2025-27392 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
7.2
2025-03-11 CVE-2025-27393 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
7.2
2025-03-11 CVE-2025-27394 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
7.2
2025-03-11 CVE-2025-27398 A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0).
network
low complexity
CWE-78
2.7
2025-03-11 CVE-2024-11253 A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2
2025-03-11 CVE-2024-12009 A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
network
low complexity
CWE-78
7.2