9826 matches found

CVE
added 6 days ago | 7 views

CVE-2026-8665

CVE-2026-8665 affects the Rapid7 InsightConnect Translate Plugin (Linux) via the TR action. The root cause is insufficient input sanitization in shell command construction within the TR action, allowing an attacker to supply text or expression parameters that lead to OS command execution. Docume...

CVSS 9.8 | AI score 6.3 | EPSS 0.00675
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 6 days ago | 9 views

EUVD-2026-39158

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

CVSS 7.7 | AI score 6.3 | EPSS 0.00675
Exploits: 0 | References: 1

EUVD
added 6 days ago | 4 views

EUVD-2026-39157

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...

CVSS 7.7 | AI score 6.3 | EPSS 0.00675
Exploits: 0 | References: 1

NVD
added 6 days ago | 8 views

CVE-2026-8663

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

CVSS 8.8 | EPSS 0.00833
Exploits: 0 | References: 1

NVD
added 6 days ago | 7 views

CVE-2026-8659

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation...

CVSS 8.8 | EPSS 0.00833
Exploits: 0 | References: 1

CVE
added 6 days ago | 16 views

CVE-2026-8659

CVE-2026-8659 describes an OS Command Injection in the Rapid7 InsightConnect SQLmap Plugin on Linux. The issue arises from insufficient input validation in connection configuration, allowing an authenticated attacker to execute arbitrary OS commands via the api_host or api_port parameters. The NV...

CVSS 8.8 | AI score 6.2 | EPSS 0.00833
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 6 days ago | 32 views

CVE-2026-8659 OS Command Injection in Rapid7 InsightConnect SQLmap Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation...

CVSS 6 | EPSS 0.00833
Exploits: 0 | References: 1

Positive Technologies
added 6 days ago | 8 views

PT-2026-52444

Name of the Vulnerable Software and Affected Versions: Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3. Description: An OS Command Injection issue exists where special elements used in an OS command are not properly neutralized. This allows a low privileged attacker with local...

CVSS 7.8 | AI score 6.1 | EPSS 0.00693
Exploits: 0 | References: 4

CVE
added last week | 11 views

CVE-2026-8663

CVE-2026-8663 describes an OS Command Injection in the Rapid7 InsightConnect RPM Plugin for Linux. The vulnerability arises from insufficient input sanitization during shell command construction, allowing an authenticated attacker to cause arbitrary OS command execution via the repo, key, or name...

CVSS 8.8 | AI score 6.2 | EPSS 0.00833
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/24 3:40 a.m. | 33 views

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVSS 9.1 | EPSS 0.0172
Exploits: 0 | References: 2

Nuclei
added 2026/06/23 5:8 a.m. | 9 views

D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. id: CVE-2023-25280 info: name: D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection author: pussycat0x severity:...

CVSS 9.8 | AI score 6.8 | EPSS 0.98053
Exploits: 1 | References: 2

Nuclei
added 2026/06/22 5:20 a.m. | 35 views

Zyxel Firewall - OS Command Injection

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1...

CVSS 10 | AI score 7.6 | EPSS 0.99938
Exploits: 25 | References: 5

NVD
added 2026/06/21 11:16 p.m. | 11 views

CVE-2026-12814

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

CVSS 6.5 | EPSS 0.01182
Exploits: 0 | References: 5

AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in Node.js

An OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DBS requests, thereby...

CVSS 8.1 | AI score 6.7 | EPSS 0.05614
Exploits: 0 | References: 2

NVD
added 2026/06/19 12:16 a.m. | 10 views

CVE-2026-12044

SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...

CVSS 8.8 | EPSS 0.00513
Exploits: 0 | References: 3

Metasploit
added 2026/06/18 7:1 p.m. | 112 views

OS Command Exec, Unix Command Shell, Bind TCP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf...

AI score 5.3
Exploits: 0

CVE
added 2026/06/18 10:58 a.m. | 22 views

CVE-2026-40456

CVE-2026-40456 affects LMS (LAN Management System). The vulnerability is an OS command injection in the IP address parameter passed to exec() before commit 9fcb4de, enabling arbitrary command execution. Root cause is improper validation of the IP address input. Impact indicators from the provided...

CVSS 8.6 | AI score 5.8 | EPSS 0.00947
Exploits: 0 | References: 3

NVD
added 2026/06/17 1:20 p.m. | 8 views

CVE-2026-53876

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

CVSS 8.6 | EPSS 0.01786
Exploits: 0 | References: 2

Nuclei
added 2026/06/16 7:13 a.m. | 284 views

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request...

CVSS 9.8 | AI score 8.9 | EPSS 0.86205
Exploits: 7 | References: 3

Nuclei
added 2026/06/16 7:13 a.m. | 101 views

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

CVSS 10 | AI score 9.1 | EPSS 0.96626
Exploits: 1 | References: 5