Lucene search
K

7959 matches found

CVE
CVE
added 2026/06/24 11:56 p.m.15 views

CVE-2026-8663

CVE-2026-8663 describes an OS Command Injection in the Rapid7 InsightConnect RPM Plugin for Linux. The vulnerability arises from insufficient input sanitization during shell command construction, allowing an authenticated attacker to cause arbitrary OS command execution via the repo, key, or name...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.36 views

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 1:46 p.m.4 views

CVE-2026-35018 NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

8.7CVSS6.2AI score0.02683EPSS
Exploits1References4
NVD
NVD
added 2026/06/21 11:16 p.m.12 views

CVE-2026-12814

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

6.5CVSS0.01182EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 10:58 a.m.28 views

CVE-2026-40456

CVE-2026-40456 affects LMS (LAN Management System). The vulnerability is an OS command injection in the IP address parameter passed to exec() before commit 9fcb4de, enabling arbitrary command execution. Root cause is improper validation of the IP address input. Impact indicators from the provided...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 10:58 a.m.2 views

CVE-2026-40456 OS Command Injection in LMS

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS6.2AI score0.00947EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-53876

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS0.01786EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49827

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device features a webserver that exposes a REST API authenticated via a token on the management network. An authenticated attacker can exploit an OS command...

9.1CVSS6.2AI score0.00921EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:47 p.m.19 views

aws-cdk-lib: OS Command Injection in NodejsFunction Bundling

Summary AWS CDK aws-cdk-lib is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow a threat actor who...

7.3CVSS6.3AI score0.00936EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-50874

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

8.1CVSS0.01119EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49245

Name of the Vulnerable Software and Affected Versions Fortra Core Privileged Access Manager affected versions not specified Description An OS command injection issue exists in the boks autoregisterd service. A remote attacker with network access to this service can execute commands with the...

9.8CVSS5.8AI score0.00865EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/06/13 1:20 p.m.14 views

Ivanti Sentry - OS Command Injection

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution id: CVE-2026-10520 info: name: Ivanti Sentry - OS Command Injection author: DhiyaneshDk severity: critical...

10CVSS6.2AI score0.99041EPSS
Exploits6References2
NVD
NVD
added 2026/06/12 10:16 a.m.11 views

CVE-2026-11845

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS0.00951EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48840

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS5.8AI score0.00951EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

MariaDB Server 命令注入漏洞

MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...

10CVSS5.9AI score0.00998EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/11 12:0 a.m.12 views

Ivanti Sentry OS Command Injection Vulnerability

Ivanti Sentry formerly known as MobileIron Sentry contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged sta...

10CVSS6.3AI score0.99041EPSS
In wildExploits6
NVD
NVD
added 2026/06/10 10:16 p.m.15 views

CVE-2026-0273

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS0.01187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 5:39 p.m.35 views

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7.3CVSS0.00936EPSS
Exploits1References3
OSV
OSV
added 2026/06/10 5:39 p.m.3 views

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7CVSS6.2AI score0.00936EPSS
Exploits1References5
Rows per page
Query Builder