Lucene search
K

7913 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48840

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS5.8AI score0.00951EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

MariaDB Server 命令注入漏洞

MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...

10CVSS5.9AI score0.00998EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/11 12:0 a.m.12 views

Ivanti Sentry OS Command Injection Vulnerability

Ivanti Sentry formerly known as MobileIron Sentry contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged sta...

10CVSS6.3AI score0.99041EPSS
In wildExploits6
NVD
NVD
added 2026/06/10 10:16 p.m.13 views

CVE-2026-0273

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS0.01193EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 5:39 p.m.31 views

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7.3CVSS0.00936EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.16 views

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.2AI score0.99041EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48489

Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...

7.3CVSS6.2AI score0.00936EPSS
Exploits1References11
OSV
OSV
added 2026/06/09 10:0 p.m.6 views

GHSA-JVC5-6G7Q-C843 Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

9.9CVSS6.3AI score0.00161EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/09 10:0 p.m.14 views

Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

6.4AI score0.00161EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35444

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2CVSS6.3AI score0.34454EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 2:27 p.m.88 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS0.23393EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:10 p.m.12 views

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS6.3AI score0.99041EPSS
Exploits6References1
Cvelist
Cvelist
added 2026/06/09 2:10 p.m.37 views

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

10CVSS0.99041EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48344

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL COMMANDS whitelist and achieving full Remote Code Executio...

9.9CVSS6.3AI score0.00161EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47806

Name of the Vulnerable Software and Affected Versions Ivanti Sentry versions prior to R10.5.2 Ivanti Sentry versions prior to R10.6.2 Ivanti Sentry versions prior to R10.7.1 Description An OS command injection issue exists in Ivanti Sentry due to improper neutralization of special elements. This...

10CVSS6.6AI score0.99041EPSS
Exploits6References126
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.6 views

PT-2026-52485

Name of the Vulnerable Software and Affected Versions Schneider Electric PowerLogic P7 affected versions not specified Description An OS Command Injection issue exists in the firmware of the device, which occurs when special elements used in OS commands are not properly neutralized. This flaw...

9CVSS6AI score0.01191EPSS
Exploits0References5
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Important: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or...

9.1CVSS5.5AI score0.01231EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2 : perl-HTTP-Daemon, --advisory ALAS2-2026-3341 (ALAS-2026-3341)

The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3341 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with...

9.1CVSS5.6AI score0.01231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47446

Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager versions 2.9.14 through 2.15.1 Description An authenticated remote code execution issue exists via OS command injection in the setupCertbotPlugins function located in backend/setup.js. Attackers with certificates:manage...

7.7CVSS6.6AI score0.00921EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-45744

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS6AI score0.02008EPSS
Exploits1References1
Rows per page
Query Builder