A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.
An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
Dynamics Business Central Remote Code Execution Vulnerability
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software.
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
DeepSpeed Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution .
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
Azure Identity SDK Remote Code Execution Vulnerability
Windows MSHTML Platform Security Feature Bypass Vulnerability
Azure Identity SDK Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Windows MSHTML Platform Remote Code Execution Vulnerability
Outlook for Android Information Disclosure Vulnerability
Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
Visual Studio Code for Linux Remote Code Execution Vulnerability
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.