#os-command-injection

Information security
from SecurityWeek
1 day ago

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP released 15 security notes for May 2026 Patch Day, including critical SQL and code injection flaws in S/4HANA and SAP Commerce.
Information security
from The Hacker News
2 months ago

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA added CVE-2026-25108, an OS command injection vulnerability in FileZen, to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.
from The Register
3 months ago

Critical React Native Metro dev server bug under attack

The flaw, tracked as CVE-2025-11953, arises because the Metro development server started by the React Native Community command line tool exposes an endpoint vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run malicious executables. Similarly, on Windows machines, miscreants can abuse the security hole to execute arbitrary shell commands with fully controlled arguments.
Information security
from The Register
5 months ago

Fortinet confirms second 0-day in just four days

FortiWeb OS command injection zero-day CVE-2025-58034 is exploited in the wild; Fortinet released a patch—update FortiWeb devices immediately.
Information security
from IT Pro
6 months ago

Warning issued over critical flaws spotted in TP-Link routers

Two TP-Link VPN router vulnerabilities allow OS command injection via WireGuard settings and unauthorized root access through residual debug code.