Lucene search
K

1885 matches found

CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

Biome MCP Server 命令注入漏洞

Biome MCP Server is a code inspection and formatting tool developed by Ryuzaki Shinji individually. Versions of Biome MCP Server 1.0.0 and earlier have a command injection vulnerability, which stems from incorrect handling of the file biome-mcp-server.ts, potentially leading to command injection...

6.5CVSS6.7AI score0.0111EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/04 5:41 p.m.5 views

CVE-2026-20017 Cisco Secure FTD Software Authenticated Command Injection Vulnerability

A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...

6CVSS6.2AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 12:0 a.m.12 views

CVE-2026-24105

The CVE-2026-24105 issue affects Tenda AC15V1.0 (V15.03.05.18_multi) in the goform/formsetUsbUnload component. The vulnerability arises because the v1 value is not checked, potentially allowing command injection when used in doSystemCmd. Reported impacts indicate potential arbitrary command execu...

9.8CVSS6AI score0.01704EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.12 views

PT-2026-22250

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists that allows an authenticated attacker to execute code remotely. This is achieved by injecting malicious input into the map filename field during t...

8.8CVSS6.1AI score0.01489EPSS
Exploits0References9
NVD
NVD
added 2026/02/24 8:27 p.m.8 views

CVE-2025-33181

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges...

8.8CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/24 2:32 p.m.10 views

CVE-2026-3101 Intelbras TIP 635G Ping os command injection

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

6.5CVSS6.2AI score0.0418EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

UTT HiPER 520 操作系统命令注入漏洞

UTT HiPER 520 is a high-performance router produced by UTT Corporation. The version 1.7.7-160105 of UTT HiPER 520 contains a vulnerability related to operating system command injection. This vulnerability stems from an error in the handling of the parameter policyNames in the function sub44D264 o...

8.6CVSS7.1AI score0.0982EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/19 12:2 a.m.33 views

CVE-2026-2686 SECCN Dingcheng G10 session_login.cgi qq os command injection

A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...

10CVSS0.02276EPSS
Exploits0References5
NVD
NVD
added 2026/02/16 2:16 a.m.8 views

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

9.8CVSS0.06554EPSS
Exploits1References4
CISA
CISA
added 2026/02/13 12:0 p.m.9 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1731link is external BeyondTrust Remote Support RS and Privileged Remote Access PRA OS Command Injection Vulnerability These types of vulnerabilities are...

9.9CVSS5.6AI score0.86091EPSS
In wildExploits11References6
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.5 views

PT-2026-7021

Name of the Vulnerable Software and Affected Versions UTT 进取 521G version 3.1.1-190816 Description A flaw exists in the function sub 446B18 located in the file /goform/formPdbUpConfig. Manipulation of the policyNames argument can result in operating system command injection. This issue is...

8.6CVSS5.4AI score0.06413EPSS
Exploits1References8
OSV
OSV
added 2026/02/02 6:16 p.m.5 views

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

7.2CVSS5.8AI score0.02394EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/21 6:17 a.m.6 views

Ruijie Networks AP180 series vulnerable to OS command injection

Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.6CVSS5.9AI score0.0154EPSS
Exploits0References4
CNVD
CNVD
added 2026/01/14 12:0 a.m.2 views

TRENDnet TEW-713RE Operating System Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from an operating system command injection vulnerability due to manipulation of the SZCMD parameter in an unknown function in the /goformX/formFSrvX file. An attacker could exploit the...

10CVSS7.4AI score0.12113EPSS
Exploits1References1
OSV
OSV
added 2026/01/09 5:15 p.m.4 views

CVE-2025-46645

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralizatio...

7.2CVSS5.9AI score0.01409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.10 views

CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...

8.8CVSS7.5AI score0.02062EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.6 views

CVE-2023-43892

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload...

9.8CVSS7.9AI score0.01894EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.13 views

CVE-2023-29803

TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function...

9.8CVSS8AI score0.02156EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.6 views

CVE-2023-29804

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the syssmbpwdmod function...

8.8CVSS8AI score0.17491EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.8 views

CVE-2023-29798

TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function...

9.8CVSS8AI score0.02014EPSS
Exploits1References1
Rows per page
Query Builder