25105 matches found

GitHub Security Blog
added 2026/02/02 6:30 a.m., 6 views

RaspAP raspap-webgui contains an OS Command Injection vulnerability

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

CVSS 8.8, AI score 8.1, EPSS 0.0133
Exploits 0, References 5, Affected Software 1

Cvelist
added 2026/02/02 4:37 a.m., 26 views

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

CVSS 8.8, EPSS 0.0133
Exploits 0, References 2

EUVD
added 2026/02/02 4:37 a.m., 4 views

EUVD-2026-5116

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

CVSS 8.8, AI score 5.6, EPSS 0.0133
Exploits 0, References 2

Positive Technologies
added 2026/02/02 12:0 a.m., 6 views

PT-2026-5683

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 web modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

CVSS 8.5, AI score 5.8, EPSS 0.01296
Exploits 0, References 5

Positive Technologies
added 2026/02/02 12:0 a.m., 6 views

PT-2026-5645

Name of the Vulnerable Software and Affected Versions: ONT/Beacon devices (affected versions not specified). Description: The unified WEBUI application contains a flaw in how it handles user input. This allows authenticated users to potentially execute commands on the underlying operating system...

CVSS 8.8, AI score 6, EPSS 0.00401
Exploits 0, References 6

CNNVD
added 2026/02/02 12:0 a.m., 8 views

Signal K Server OS Command Injection Vulnerability

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 1.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insecure shell command constructions when handling the...

CVSS 9.9, AI score 5.8, EPSS 0.04163
Exploits 1, References 3

CNNVD
added 2026/02/02 12:0 a.m., 6 views

CrafterCMS Security Vulnerability

CrafterCMS is a Java-based CMS developed by CrafterCMS Inc. There is a security vulnerability in CrafterCMS, which stems from improper control over dynamically managed code resources. This vulnerability could allow authenticated developers to bypass sandbox restrictions and execute OS commands...

CVSS 7.3, AI score 6, EPSS 0.00425
Exploits 0, References 1

CNNVD
added 2026/02/02 12:0 a.m., 7 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, which arise when incorrect inputs provided by HLOS trigger trusted zones that contain exploits, potentially leading to encryption-related issues...

CVSS 7.8, AI score 5.8, EPSS 0.00092
Exploits 0, References 2

Redos
added 2026/02/02 12:0 a.m., 4 views

ROS-20260202-73-0020

Vulnerability in kernel-lt related to lack of memory release after effective lifetime. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5, AI score 5.5, EPSS 0.00146
Exploits 0

Positive Technologies
added 2026/02/02 12:0 a.m., 7 views

PT-2026-5674

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...

CVSS 7.1, AI score 5.4, EPSS 0.00092
Exploits 0, References 1

Debian CVE
added 2026/01/31 11:38 a.m., 3 views

CVE-2025-71182

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered. syzbot is still reporting "unregister_netdevice: waiting for vcan0 to become free. Usage count = 2" even after commit 93a27b5891b8 "can: j1939: add missing...

CVSS 5.5, AI score 5.2, EPSS 0.00156
Exploits 0

EUVD
added 2026/01/31 12:30 a.m., 4 views

EUVD-2025-206554

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources...

CVSS 6.5, AI score 5.9, EPSS 0.00347
Exploits 0, References 2

EUVD
added 2026/01/31 12:30 a.m., 6 views

EUVD-2020-30945

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVSS 8.8, AI score 6.6, EPSS 0.0104
Exploits 1, References 4

NVD
added 2026/01/30 11:16 p.m., 10 views

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVSS 8.8, EPSS 0.0104
Exploits 1, References 3

ATTACKERKB
added 2026/01/30 10:7 p.m., 4 views

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVSS 8.8, AI score 6.6, EPSS 0.0104
Exploits 1, References 3, Affected Software 1

Cvelist
added 2026/01/30 10:7 p.m., 25 views

CVE-2020-37032 Wing FTP Server 6.3.8 - Remote Code Execution

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

CVSS 8.8, EPSS 0.0104
Exploits 1, References 3

Vulnrichment
added 2026/01/30 8:52 p.m., 4 views

CVE-2026-1723 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498_B20250826...

CVSS 9.2, AI score 5.9, EPSS 0.00901
Exploits 0, References 2

CVE
added 2026/01/30 8:52 p.m., 12 views

CVE-2026-1723

CVE-2026-1723 concerns TOTOLINK X6000R where improper neutralization of special elements leads to an OS command injection. The issue is described as affecting X6000R firmware through version V9.4.0cu.1498_B20250826, with network-based attack vector and no user interaction required, per the connec...

CVSS 9.2, AI score 5.9, EPSS 0.00901
Exploits 0, References 2

OSV
added 2026/01/30 9:47 a.m., 3 views

ROOT-OS-DEBIAN-12-CVE-2025-68276 CVE-2025-68276 in rootio-avahi - Patched by Root

Root has patched CVE-2025-68276 in the rootio-avahi package for Root:Debian:12. Multiple fixed versions available...

CVSS 5.5, AI score 5.4, EPSS 0.0014
Exploits 0

NVD
added 2026/01/30 9:15 a.m., 11 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

CVSS 7.8, EPSS 0.00599
Exploits 0, References 1