392 matches found
CVE-2026-23821 Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI
A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...
CVE-2026-23821
CVE-2026-23821 affects Access Points running AOS-10. The issue exists in the configuration processing logic and could allow an authenticated remote attacker to execute system commands on the underlying OS under certain pre‑existing conditions. Impact is described as arbitrary command execution wi...
CVE-2026-23820 Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and AOS-10 CLI
A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyin...
Atlona ATOMERX21 - Authenticated Command Injection
// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware -u -p -l -P -c package main import "bytes"...
EUVD-2026-23521
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...
CVE-2026-35682
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...
CVE-2026-35682 Anviz CX2 Lite Command Injection
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...
CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...
CVE-2026-24893
openITCOCKPIT Community Edition
EUVD-2026-17041
In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...
CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowed authenticated users to execute arbitrary system commands on the app host. The vulnerability...
CVE-2026-23816 Authenticated Command Injection found in admin AOS-CX CLI command
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-23816
The CVE-2026-23816 entry describes a vulnerability in the command line interface of AOS-CX Switches that could allow an authenticated remote attacker to execute arbitrary OS commands. The CVSSv3.1 base score is 7.2 (HIGH) with network access, low attack complexity, and privileges required: HIGH, ...
CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...
Exploit for OS Command Injection in Gl-Inet Gl-Mt300N-V2_Firmware
GL-InjectoR: CVE-2022-31898 Authenticated Command Injection in...
CVE-2026-28774
The CVE concerns IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101) where the web-based Traceroute diagnostic utility is vulnerable. An authenticated attacker can inject arbitrary shell metacharacters into the flags parameter, resulting in OS command execution with ...
CVE-2025-63911
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...
CVE-2024-55022
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...
CVE-2024-55022
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...
PT-2026-22779
Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description The software contains an authenticated command injection issue. The issue is triggered via the HMI Name parameter. An attacker with valid credentials can inject...