Lucene search
K

392 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 6:35 p.m.7 views

CVE-2026-23821 Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

7.2CVSS6.1AI score0.00616EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:35 p.m.17 views

CVE-2026-23821

CVE-2026-23821 affects Access Points running AOS-10. The issue exists in the configuration processing logic and could allow an authenticated remote attacker to execute system commands on the underlying OS under certain pre‑existing conditions. Impact is described as arbitrary command execution wi...

7.2CVSS6.1AI score0.00616EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:34 p.m.8 views

CVE-2026-23820 Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and AOS-10 CLI

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyin...

7.2CVSS6.1AI score0.00555EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.98 views

Atlona ATOMERX21 - Authenticated Command Injection

// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware -u -p -l -P -c package main import "bytes"...

6.3CVSS5.3AI score0.01143EPSS
Exploits2
EUVD
EUVD
added 2026/04/17 9:31 p.m.6 views

EUVD-2026-23521

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

8.8CVSS6AI score0.01787EPSS
Exploits0References4
NVD
NVD
added 2026/04/17 8:16 p.m.9 views

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

8.8CVSS0.01787EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 7:46 p.m.18 views

CVE-2026-35682 Anviz CX2 Lite Command Injection

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

8.8CVSS0.01787EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 8:37 p.m.3 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...

8.8CVSS6.4AI score0.01398EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 8:37 p.m.12 views

CVE-2026-24893

openITCOCKPIT Community Edition

8.8CVSS6.4AI score0.01398EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/29 6:30 p.m.6 views

EUVD-2026-17041

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

8.8CVSS5.9AI score0.01539EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 11:43 p.m.4 views

CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowed authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8CVSS6.2AI score0.02037EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/11 3:13 a.m.26 views

CVE-2026-23816 Authenticated Command Injection found in admin AOS-CX CLI command

A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS0.00671EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 3:13 a.m.10 views

CVE-2026-23816

The CVE-2026-23816 entry describes a vulnerability in the command line interface of AOS-CX Switches that could allow an authenticated remote attacker to execute arbitrary OS commands. The CVSSv3.1 base score is 7.2 (HIGH) with network access, low attack complexity, and privileges required: HIGH, ...

7.2CVSS6.1AI score0.00671EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 3:11 a.m.5 views

CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command

A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/10 4:1 p.m.137 views

Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware

GL-InjectoR: CVE-2022-31898 Authenticated Command Injection in...

6.8CVSS5.8AI score0.15933EPSS
Exploits4
CVE
CVE
added 2026/03/04 7:22 a.m.14 views

CVE-2026-28774

The CVE concerns IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101) where the web-based Traceroute diagnostic utility is vulnerable. An authenticated attacker can inject arbitrary shell metacharacters into the flags parameter, resulting in OS command execution with ...

9.3CVSS6.2AI score0.02432EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.4 views

CVE-2025-63911

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...

7.2CVSS5.9AI score0.02323EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.6 views

CVE-2024-55022

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...

8.8CVSS5.9AI score0.01285EPSS
Exploits0References1
NVD
NVD
added 2026/03/03 8:16 p.m.5 views

CVE-2024-55022

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...

8.8CVSS0.01285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22779

Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description The software contains an authenticated command injection issue. The issue is triggered via the HMI Name parameter. An attacker with valid credentials can inject...

5.9AI score0.01285EPSS
Exploits0References5
Rows per page
Query Builder