9826 matches found
CVE-2026-8665
CVE-2026-8665 affects the Rapid7 InsightConnect Translate Plugin (Linux) via the TR action. The root cause is insufficient input sanitization in shell command construction within the TR action, allowing an attacker to supply text or expression parameters that leads to OS command execution. Docume...
EUVD-2026-39158
OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...
EUVD-2026-39157
OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...
CVE-2026-8663
OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...
CVE-2026-8659
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
CVE-2026-8659
CVE-2026-8659 describes an OS Command Injection in the Rapid7 InsightConnect SQLmap Plugin on Linux. The issue arises from insufficient input validation in connection configuration, allowing an authenticated attacker to execute arbitrary OS commands via the api_host or api_port parameters. The NV...
CVE-2026-8659 OS Command Injection in Rapid7 InsightConnect SQLmap Plugin
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
PT-2026-52444
Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3 Description An OS Command Injection issue exists where special elements used in an OS command are not properly neutralized. This allows a low privileged attacker with local...
CVE-2026-8663
CVE-2026-8663 describes an OS Command Injection in the Rapid7 InsightConnect RPM Plugin for Linux. The vulnerability arises from insufficient input sanitization during shell command construction, allowing an authenticated attacker to cause arbitrary OS command execution via the repo, key, or name...
CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...
D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection
OS Command injection vulnerability in D-Link DIR820LA1FW105B03 allows attackers to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp. id: CVE-2023-25280 info: name: D-Link DIR820LA1FW105B03 'pingaddr' - OS Command Injection author: pussycat0x severity:...
Zyxel Firewall - OS Command Injection
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1...
CVE-2026-12814
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...
Astra Linux – Vulnerability in Node.js
A OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DBS requests, thereby...
CVE-2026-12044
SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...
OS Command Exec, Unix Command Shell, Bind TCP (via socat)
Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf...
CVE-2026-40456
CVE-2026-40456 affects LMS (LAN Management System). The vulnerability is an OS command injection in the IP address parameter passed to exec() before commit 9fcb4de, enabling arbitrary command execution. Root cause is improper validation of the IP address input. Impact indicators from the provided...
CVE-2026-53876
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...
Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...
D-Link - Unauthenticated Remote Code Execution
OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...