CVE-2026-0507 OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...

Algo 8028 Control Panel 操作系统命令注入漏洞

The Algo 8028 Control Panel is a web configuration interface for an access control intercom system from Algo. An operating system command injection vulnerability exists in Algo 8028 Control Panel version 3.3.3, which stems from the presence of command injection in the fm-data.lua endpoint, which...

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS that stems from a packet header that can be injected with shell commands, which could lead to the execution of arbitrary commands...

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

SAP Application Server for ABAP 操作系统命令注入漏洞

SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. SAP Application Server for ABAP suffers from an operating system command injection vulnerability that stems from OS command injection, which could lead to an authenticated attacker uploading special...

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS 8 that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high performance Application Delivery Controller ADC and load balancer from Progress, Inc. A security vulnerability exists in Progress LoadMaster that stems from an uncleaned API input parameter, which could lead to the execution of arbitrary commands by an authenticated...

CVE-2026-22812

CVE-2026-22812 — OpenCode prior to version 1.0.216 contains an unauthenticated HTTP server that starts automatically with permissive CORS and no authentication. This server exposes endpoints such as POST /session to create a session and POST /session/{id}/shell to execute arbitrary shell commands...

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the parameter WizardConfigured in the file /goform/wizardset, which can be exploited by an attacker to execute arbitrary...

n8n Node.js Package 1.x < 2.0.0 Arbitrary Command Execution (N8scape)

The version of the n8n Node.js Package installed on the remote host is 1.x prior to 2.0.0. It is, therefore, affected by an arbitrary command execution vulnerability: - n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the stdioconfig.command or stdioconfig.args parameters in MCP stdio settings. An attacker can execute arbitrary system commands by injecting malicious values into these parameters. Remediation Upgrade...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the stdioconfig.command or stdioconfig.args parameters in MCP stdio settings. An attacker can execute arbitrary system commands by injecting malicious values into these parameters. Remediation Upgrade...

EUVD-2026-1886

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...

CVE-2014-4982

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server...

CVE-2023-43206

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function webcertdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter...

CVE-2023-31856

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...

CVE-2023-40158

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...

CVE-2018-18320

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote co...