Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62214

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-11 Nov, 2025 | 17:59
Updated At-26 Feb, 2026 | 16:57
Rejected At-
Credits

Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:11 Nov, 2025 | 17:59
Updated At:26 Feb, 2026 | 16:57
Rejected At:
â–¼CVE Numbering Authority (CNA)
Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visual Studio 2022 version 17.14
Versions
Affected
  • From 17.14.0 before 17.14.17 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:11 Nov, 2025 | 18:15
Updated At:17 Nov, 2025 | 17:40

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>visual_studio_2022>>Versions from 17.14.0(inclusive) to 17.14.17(exclusive)
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarysecure@microsoft.com
CWE ID: CWE-77
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

125Records found
CVE-2019-7989
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.37% / 85.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:46
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-16864
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-26.82% / 96.39%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 19:51
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.

Action-Not Available
Vendor-enterprisedtn/aMicrosoft Corporation
Product-completeftp_serverwindowsn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-18188
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.5||HIGH
EPSS-2.68% / 85.92%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 19:28
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-64671
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.12% / 30.07%
||
7 Day CHG-0.12%
Published-09 Dec, 2025 | 17:56
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-github_copilotGitHub Copilot Plugin for JetBrains IDEs
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-43613
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.76% / 73.42%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:49
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_database_for_postgresql_flexible_serverAzure Database for PostgreSQL Flexible Server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-43591
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.38% / 59.41%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_command-line_interfaceazure_service_connectorAzure CLIAzure Service Connector
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-62222
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.78%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-github_copilot_chatMicrosoft Visual Studio Code CoPilot Chat Extension
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-61787
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.15% / 34.55%
||
7 Day CHG+0.02%
Published-08 Oct, 2025 | 00:59
Updated-16 Oct, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deno is Vulnerable to Command Injection on Windows During Batch File Execution

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.

Action-Not Available
Vendor-denodenolandMicrosoft Corporation
Product-denowindowsdeno
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-59252
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 28.58%
||
7 Day CHG+0.01%
Published-09 Oct, 2025 | 21:04
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_word_copilotMicrosoft 365 Word Copilot
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-59272
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 28.58%
||
7 Day CHG+0.01%
Published-09 Oct, 2025 | 21:04
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilot_chatMicrosoft 365 Copilot's Business Chat
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-43601
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.97%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code for Linux Remote Code Execution Vulnerability

Visual Studio Code for Linux Remote Code Execution Vulnerability

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelvisual_studio_codeVisual Studio Code for Linux
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-55319
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 25.72%
||
7 Day CHG+0.01%
Published-12 Sep, 2025 | 00:49
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-55227
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.18%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2017sql_server_2016sql_server_2019sql_server_2022Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2022 (CU 20)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-53787
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-1.19% / 78.92%
||
7 Day CHG+0.92%
Published-07 Aug, 2025 | 21:01
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilot_chatMicrosoft 365 Copilot's Business Chat
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-53773
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.55% / 89.25%
||
7 Day CHG+3.16%
Published-12 Aug, 2025 | 17:09
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitHub Copilot and Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.14
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-54100
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 35.99%
||
7 Day CHG-0.20%
Published-09 Dec, 2025 | 17:56
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PowerShell Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_10_1607windows_server_2019windows_10_1809windows_10_22h2windows_10_21h2windows_server_2016windows_server_2012windows_server_2022windows_server_2008windows_11_23h2windows_11_25h2windows_server_2022_23h2windows_11_24h2Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 11 Version 24H2Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-53774
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 70.36%
||
7 Day CHG+0.45%
Published-07 Aug, 2025 | 21:01
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilot_chatMicrosoft 365 Copilot's Business Chat
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-19445
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.92% / 76.10%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 19:42
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowsfoxit_pdf_sdk_activexn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-19418
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.88% / 89.64%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 16:49
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-pdf_activexwindowsn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-43497
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.68% / 71.71%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DeepSpeed Remote Code Execution Vulnerability

DeepSpeed Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-deepspeedDeepSpeed
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-38227
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.22% / 44.02%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-3566
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-7.09% / 91.58%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:22
Updated-18 Nov, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command injection vulnerability in programing languages on Microsoft Windows operating system.

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

Action-Not Available
Vendor-haskellrust-langyt-dlp_projectGo Programming LanguageHaskell Programming Languagethephpgrouprust-langhaskellyt-dlp_projectNode.js (OpenJS Foundation)The PHP GroupGoMicrosoft Corporation
Product-process_libraryyt-dlpgowindowsnode.jsphprustGoLangHaskelNode.jsnodejsthephpgroupyt-dlpprocess_libraryrust
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-26204
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.40% / 85.14%
||
7 Day CHG-0.06%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Outlook for Android Information Disclosure Vulnerability

Outlook for Android Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookMicrosoft Outlook for Android
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-8060
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-11.54% / 93.68%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:07
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-36415
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.06% / 77.75%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Identity SDK Remote Code Execution Vulnerability

Azure Identity SDK Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_identity_sdkAzure Identity SDK for .NETAzure Identity SDK for PythonAzure Identity SDK for JavaScriptAzure Identity SDK for Java
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found