1880 matches found
Exploit for OS Command Injection in Olivetin
cve-2025-50946 Exploit script for CVE-2025-50946...
Microsoft Power Pages 命令注入漏洞
Microsoft Power Pages is a secure, enterprise-level low-code SaaS platform provided by Microsoft. It is used for creating, hosting, and managing sophisticated external business websites. Microsoft Power Pages has a command injection vulnerability, which stems from improper neutralization of speci...
Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)
The version of Ivanti Virtual Traffic Manager vTM running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability: - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin...
Aver PTC320UV2 命令注入漏洞
The Aver PTC320UV2 is an auto-tracking camera device from Aver Corporation. A command injection vulnerability exists in the Aver PTC320UV2 version 0.1.0000.65, which stems from a command injection vulnerability in the Web management interface that could allow an unauthenticated attacker to execut...
Amazon ECS Container Agent 操作系统命令注入漏洞
Amazon ECS Container Agent is an open-source elastic container service agent software developed by Amazon Web Services. Versions of Amazon ECS Container Agent prior to 1.103.0 contained an operating system command injection vulnerability. This vulnerability stems from improper handling of OS...
TÜBİTAK BİLGEM Pardus OS My Computer 操作系统命令注入漏洞
TÜBİTAK BİLGEM Pardus OS My Computer is a desktop component provided by the Turkish company TÜBİTAK BİLGEM, which offers functions for viewing system hardware and resource information. Versions of TÜBİTAK BİLGEM Pardus OS My Computer prior to version 0.8.0, as well as versions 0.7.5 and earlier,...
CVE-2026-7203 Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...
CVE-2026-7037
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed...
MiroFish 注入漏洞
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish 0.1.2 and earlier have a vulnerability related to command injection, which stems from the SimulationIPCClient.sendcommand function in the...
CVE-2026-35073
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker...
EUVD-2026-22722
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...
CVE-2026-30305
Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...
CVE-2026-4499 D-Link DIR-820LW SSDP ssdpcgi_main os command injection
A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...
Microsoft M365 Copilot 命令注入漏洞
Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot has a command injection vulnerability, which stems from improper neutralization of special elements in commands. This vulnerability could allow unauthorized attackers to le...
PT-2026-25573
A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...
Exploit for OS Command Injection in Motioneye_Project Motioneye
No d...
Biome MCP Server 命令注入漏洞
Biome MCP Server is a code inspection and formatting tool developed by Ryuzaki Shinji individually. Versions of Biome MCP Server 1.0.0 and earlier have a command injection vulnerability, which stems from incorrect handling of the file biome-mcp-server.ts, potentially leading to command injection...
CVE-2026-20017 Cisco Secure FTD Software Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
CVE-2026-24105
The CVE-2026-24105 issue affects Tenda AC15V1.0 (V15.03.05.18_multi) in the goform/formsetUsbUnload component. The vulnerability arises because the v1 value is not checked, potentially allowing command injection when used in doSystemCmd. Reported impacts indicate potential arbitrary command execu...
PT-2026-22250
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists that allows an authenticated attacker to execute code remotely. This is achieved by injecting malicious input into the map filename field during t...