Lucene search
K

411 matches found

Vulnrichment
Vulnrichment
added 2026/01/12 5:58 a.m.5 views

CVE-2026-0854 Merit LILIN|NVR - OS Command Injection

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

8.8CVSS7.3AI score0.01025EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.3 views

Broadcom DX NetOps Spectrum 安全漏洞

Broadcom DX NetOps Spectrum is a network fault management and condition monitoring platform from Broadcom Corporation USA. A security vulnerability exists in Broadcom DX NetOps Spectrum version 23.3.6 and earlier, which stems from improper neutralization of a special element and could lead to OS...

9.8CVSS6.8AI score0.0079EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.7 views

CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...

10CVSS9.8AI score0.79673EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4711

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

8.1CVSS7AI score0.05769EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.9 views

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

8.8CVSS7.5AI score0.01025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.9 views

CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...

9CVSS6.9AI score0.01343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 1:10 a.m.8 views

CVE-2025-11774

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...

8.2CVSS7AI score0.00492EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 5:51 a.m.5 views

EUVD-2025-204038

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

8.6CVSS7.1AI score0.01261EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.10 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3CVSS8.1AI score0.0107EPSS
Exploits0References7
CVE
CVE
added 2025/12/13 6:32 a.m.16 views

CVE-2025-14586

CVE-2025-14586 affects TOTOLINK X5000R 9.1.0cu.2089_B20211224. The vulnerability is in snprintf in /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, where manipulation of the User argument leads to an OS command injection. Remote exploitation is possible and has been publicly disclosed. Connected...

9.8CVSS6.4AI score0.0246EPSS
In wildExploits1References5Affected Software1
Veracode
Veracode
added 2025/12/13 5:8 a.m.6 views

OS Command Injection

Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...

5CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.3 views

CVE-2025-56092

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8CVSS7.9AI score0.02486EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.7 views

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

8.8CVSS7.9AI score0.0203EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 9:31 p.m.4 views

EUVD-2025-202723

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

7.3AI score0.02666EPSS
Exploits1References4
NVD
NVD
added 2025/12/11 7:15 p.m.7 views

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

8.8CVSS0.01809EPSS
Exploits1References2
NVD
NVD
added 2025/12/11 6:16 p.m.4 views

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

8.8CVSS0.02627EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/11 12:0 a.m.5 views

EUVD-2025-202751

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

7.3AI score0.02482EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/11 12:0 a.m.30 views

CVE-2025-56089

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

0.02482EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50683

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...

8.8CVSS7AI score0.02666EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.4 views

PT-2025-50652

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw triggered by a crafted POST request to the chec...

8.8CVSS7.2AI score0.02077EPSS
Exploits0References6
Rows per page
Query Builder