EUVD-2026-5116

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

Delta Electronics DIAView Command Injection Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...

Arbitrary Command Injection

Overview borgmatic is a Simple, configuration-driven backup software for servers and workstations Affected versions of this package are vulnerable to Arbitrary Command Injection via the command hook interpolation logic in borgmatic. An attacker can execute arbitrary shell commands by supplying...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the jsStringEscape function. An attacker can execute arbitrary code in generated files by injecting / sequences that breaks out of JavaScript comment blocks. Note: This vulnerability stems from an...

Arbitrary Command Injection

Overview cai-framework is a Cybersecurity AI Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the findfile function, which calls subprocess.Popen with shell=True. An attacker can execute arbitrary commands on the host system by injecting malicious...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-24729 Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

EUVD-2025-206573

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

CVE-2025-51958

CVE-2025-51958 affects the aelsantex runcommand plugin for DokuWiki, where an unauthenticated user can execute arbitrary system commands via lib/plugins/runcommand/postaction.php. The issue stems from the plugin allowing command execution without authentication, enabling an attacker to run comman...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the buildCmd function. An attacker can execute arbitrary commands by supplying crafted values in the buildOptions structure, which are embedded unsafely in Makefile commands. Note: This is only exploitabl...

EUVD-2025-206536

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

TeamViewer DEX Client 安全漏洞

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

TP-Link Archer RE605X security vulnerabilities

The TP-Link Archer RE605X is a wireless signal amplifier produced by the TP-Link company. The TP-Link Archer RE605X has a security vulnerability, which stems from the backup restoration function not properly verifying unexpected or unidentifiable tags in the backup files, potentially allowing for...

Arbitrary Command Injection

Elysia is vulnerable to Arbitrary Command Injection. The vulnerability is due to unsanitized injection of dynamic cookie configuration into compiled routes, which allows an attacker with write access to the cookie configuration to inject and execute arbitrary code...

Tendenci security vulnerabilities

Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 12.3...