1885 matches found
Biome MCP Server 命令注入漏洞
Biome MCP Server is a code inspection and formatting tool developed by Ryuzaki Shinji individually. Versions of Biome MCP Server 1.0.0 and earlier have a command injection vulnerability, which stems from incorrect handling of the file biome-mcp-server.ts, potentially leading to command injection...
CVE-2026-20017 Cisco Secure FTD Software Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
CVE-2026-24105
The CVE-2026-24105 issue affects Tenda AC15V1.0 (V15.03.05.18_multi) in the goform/formsetUsbUnload component. The vulnerability arises because the v1 value is not checked, potentially allowing command injection when used in doSystemCmd. Reported impacts indicate potential arbitrary command execu...
PT-2026-22250
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists that allows an authenticated attacker to execute code remotely. This is achieved by injecting malicious input into the map filename field during t...
CVE-2025-33181
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges...
CVE-2026-3101 Intelbras TIP 635G Ping os command injection
A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...
UTT HiPER 520 操作系统命令注入漏洞
UTT HiPER 520 is a high-performance router produced by UTT Corporation. The version 1.7.7-160105 of UTT HiPER 520 contains a vulnerability related to operating system command injection. This vulnerability stems from an error in the handling of the parameter policyNames in the function sub44D264 o...
CVE-2026-2686 SECCN Dingcheng G10 session_login.cgi qq os command injection
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/sessionlogin.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...
CVE-2026-2528
A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1731link is external BeyondTrust Remote Support RS and Privileged Remote Access PRA OS Command Injection Vulnerability These types of vulnerabilities are...
PT-2026-7021
Name of the Vulnerable Software and Affected Versions UTT 进取 521G version 3.1.1-190816 Description A flaw exists in the function sub 446B18 located in the file /goform/formPdbUpConfig. Manipulation of the policyNames argument can result in operating system command injection. This issue is...
CVE-2026-22226
A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
Ruijie Networks AP180 series vulnerable to OS command injection
Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
TRENDnet TEW-713RE Operating System Command Injection Vulnerability
The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from an operating system command injection vulnerability due to manipulation of the SZCMD parameter in an unknown function in the /goformX/formFSrvX file. An attacker could exploit the...
CVE-2025-46645
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralizatio...
CVE-2023-43137
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points...
CVE-2023-43892
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload...
CVE-2023-29803
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function...
CVE-2023-29804
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the syssmbpwdmod function...
CVE-2023-29798
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function...