Lucene search
K

71463 matches found

NVD
NVD
added 5 hours ago3 views

CVE-2026-22095

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43314

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...

6.5CVSS6.3AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score
Exploits0References6
CVE
CVE
added 6 hours ago4 views

CVE-2026-22103

CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...

9.3CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-22103 Command injection in NPC start web endpoint

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
CVE
CVE
added 6 hours ago6 views

CVE-2026-22100

The CVE-2026-22100 entry describes a command injection in the OCPP DataTransfer message ReserveLogin. By manipulating the data value, arbitrary OS commands can be executed with root privileges. Exploitation details, affected versions, and concrete remediation are not provided in the connected doc...

8.6CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-22100 Comnand injection in OCPP ReserveLogin message

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root...

8.6CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-22095 Command injection in diagnosis web endpoint

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS
Exploits0References1
CVE
CVE
added 6 hours ago4 views

CVE-2026-22095

The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...

9.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 6 hours ago10 views

CVE-2026-15547

Shibby Tomato (up to 1.28.0000) contains a vulnerability in the CIFS Mount Handler sub_2D048 that allows remote OS command injection by manipulating the cifs1/cifs2 arguments. A public exploit exists; impact is described with network access and low privileges. The project is superseded by FreshTo...

6.5CVSS6.4AI score
Exploits0References5
Cvelist
Cvelist
added 6 hours ago9 views

CVE-2026-15547 Shibby Tomato CIFS Mount sub_2D048 os command injection

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS
Exploits0References5
CVE
CVE
added 7 hours ago7 views

CVE-2026-15546

The CVE-2026-15546 entry describes a remote OS command injection in Shibby Tomato up to 1.28.0000. Affected component: start_jffs2, function sub_2D568. Exploitation involves manipulating the argument jffs2_exec; exploit is public and may be used for attacks. CVSS data indicate network access with...

6.5CVSS6.3AI score
Exploits0References5
Nuclei
Nuclei
added 10 hours ago212 views

Seagate BlackArmor NAS - Command Injection

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php. id: CVE-2014-3206 info: name: Seagate BlackArmor NAS - Command Injection author: gy741...

10CVSS7.3AI score0.51658EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago126 views

FOG Project < 1.5.10.34 - Remote Command Execution

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. id: CVE-2024-39914 info: name: FOG Project 1.5.10.34 - Remote...

9.8CVSS6.1AI score0.23414EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago110 views

geojson2kml - Command Injection

Detects command injection vulnerability by checking if hacked.txt is created and contains the expected content. id: CVE-2020-28429 info: name: geojson2kml - Command Injection author: eeche,chae1xx1os,persona-twotwo,soonghee2 severity: critical description: | Detects command injection vulnerabilit...

9.8CVSS7AI score0.63305EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago318 views

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...

9.8CVSS7.2AI score0.86089EPSS
Exploits7References3
Nuclei
Nuclei
added 10 hours ago41 views

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. id: CVE-2023-23333 info: name: SolarView Compact 6.00 - OS Command Injection author: Mr-xn severity: critical description: ...

9.8CVSS7.1AI score0.99273EPSS
Exploits9References5
Nuclei
Nuclei
added 10 hours ago151 views

Lexmark Printers - Command Injection

Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4. id: CVE-2023-26067 info: name: Lexmark Printers - Command Injection author: DhiyaneshDK severity: high description: | Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4. impact: |...

8.1CVSS7AI score0.37835EPSS
Exploits4References5
Nuclei
Nuclei
added 10 hours ago80 views

Altenergy Power Control Software C1.2.5 - Remote Command Injection

Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/settimezone parameter, because of settimezone in models/managementmodel.php. An attacker can potentially obtain sensitive information, modify data, and/or execut...

9.8CVSS7.1AI score0.85332EPSS
Exploits5References5
Nuclei
Nuclei
added 10 hours ago158 views

TOTOLINK A3700R - Command Injection

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in...

9.8CVSS7.3AI score0.65412EPSS
Exploits2References5
Rows per page
Query Builder