Lucene search
K

9839 matches found

EUVD
EUVD
added 3 days ago8 views

EUVD-2026-41536

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

6.7CVSS6AI score0.00482EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-54483

CVE-2026-54483 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. The vulnerability is described as OS command injection caused by improper neutralization of special elements in certain OS commands. A hi...

6.7CVSS6AI score0.00482EPSS
Exploits0References1
Nuclei
Nuclei
added 4 days ago10 views

D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection

OS Command injection vulnerability in D-Link DIR820LA1FW105B03 allows attackers to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp. id: CVE-2023-25280 info: name: D-Link DIR820LA1FW105B03 'pingaddr' - OS Command Injection author: pussycat0x severity:...

9.8CVSS6.9AI score0.98053EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
CVE
CVE
added 5 days ago10 views

CVE-2026-58457

CVE-2026-58457 affects Shenzhen Aitemi M300 MT02 (Wi‑Fi Repeater). An unauthenticated OS command injection exists in the commuos web backend via the smacfilter_conf handler. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are unsanitized and pas...

9.8CVSS6.1AI score0.01671EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-58452

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS0.02422EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-34114 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate_text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-34114

Guardian language-system is affected by an unauthenticated OS command injection in translate_text.php. The code passes the id GET parameter directly into a PHP exec() call without sanitization, allowing an attacker to append shell metacharacters and execute arbitrary commands on the server. No au...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-34106

Guardian Language-System is affected by an unauthenticated OS command injection in subtitles.php. The id GET parameter is directly concatenated into a PHP exec() call without sanitization, enabling remote attackers to inject shell metacharacters and execute arbitrary commands on the server. The v...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-58452 JAIOTlink C492A-W6 4.8.30.57701411 OS Command Injection via SetMAC Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS0.02422EPSS
Exploits0References3
CVE
CVE
added 5 days ago11 views

CVE-2026-58452

The CVE covers JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Affected component is the NetSDK/Factory SetMAC HTTP PUT endpoint. The root cause is an OS command injection where a malicious Wireless parameter (starting with a MAC-like prefix, then a semicolon and a shell pay...

8.8CVSS6.4AI score0.02422EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-50043

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6CVSS0.01129EPSS
Exploits0References2
CVE
CVE
added 5 days ago14 views

CVE-2026-50043

SkyBridge MB-A100/MB-A110 are affected by CVE-2026-50043: improper neutralization of special elements used in an OS command (OS Command Injection). If an attacker can log in with administrative privileges, arbitrary OS commands may be executed. The connected documents do not specify a patch or wo...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References2
Patchstack
Patchstack
added 5 days ago5 views

WordPress WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin <= 7.11 - Authenticated (Administrator+) OS Command Injection vulnerability

Authenticated Administrator+ OS Command Injection vulnerability discovered by Irwan Kusuma - wanjay in WordPress Plugin WP Database Backup versions = 7.11...

7.2CVSS5.8AI score0.01588EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago11 views

CVE-2026-56137

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...

8.4CVSS0.00677EPSS
Exploits0References3
EUVD
EUVD
added last week6 views

EUVD-2026-40125

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotel...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5
OSV
OSV
added last week5 views

PYSEC-2026-330 EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...

10CVSS5.9AI score0.00657EPSS
Exploits0References7
OSV
OSV
added last week6 views

PYSEC-2026-409 mcp-kubernetes-server has an OS Command Injection vulnerability

feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters e.g., ;, &&, $, even when...

9.8CVSS6.1AI score0.01224EPSS
Exploits0References7
OSV
OSV
added last week5 views

PYSEC-2026-267 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

9.8CVSS7.4AI score0.03228EPSS
Exploits0References7
CVE
CVE
added last week10 views

CVE-2026-13561

Edimax EW-7478APC 1.04 is affected by CVE-2026-13561 in the formiNICbasic function of /goform/formiNICbasic within the POST Request Handler. The rootAPmac argument can be manipulated to achieve OS command injection, with remote execution possible as per the description. The exploit is public and ...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Rows per page
Query Builder