7614 matches found
CVE-2026-20980
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...
CVE-2025-58383
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...
Zenitel TCIS-3+ Security Vulnerability
Zenitel TCIS-3+ is an IP intercom terminal produced by the Norwegian company Zenitel. There is a security vulnerability in Zenitel TCIS-3+, which allows authenticated attackers to execute arbitrary commands on the underlying system using the file names uploaded by them...
Exploit for CVE-2025-65791
CVE-2025-65791 — Command Injection in ZoneMinder Overview...
CVE-2025-58383 Privilege escalation via bind command in Brocade Fabric OS
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...
Broadcom Brocade Fabric OS Security Vulnerability
Broadcom Brocade Fabric OS (FOS) is an embedded operating system used in switches and routers by Broadcom Corporation. Versions of Broadcom Brocade Fabric OS prior to 9.2.1c2 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for administrator-level users to...
EUVD-2025-206613
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
EUVD-2026-5116
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
Delta Electronics DIAView Command Injection Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2026-22623
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...
CVE-2026-24729 Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...
EUVD-2025-206573
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...
CVE-2025-51958
CVE-2025-51958 affects the aelsantex runcommand plugin for DokuWiki, where an unauthenticated user can execute arbitrary system commands via lib/plugins/runcommand/postaction.php. The issue stems from the plugin allowing command execution without authentication, enabling an attacker to run comman...
EUVD-2025-206536
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
TP-Link Archer RE605X security vulnerabilities
The TP-Link Archer RE605X is a wireless signal amplifier produced by the TP-Link company. The TP-Link Archer RE605X has a security vulnerability, which stems from the backup restoration function not properly verifying unexpected or unidentifiable tags in the backup files, potentially allowing for...