PT-2026-40026

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...

Hewlett Packard Enterprise ArubaOS 命令注入漏洞

Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS has a command injection vulnerability, which stems from a flaw in the command-line interface. This vulnerability could allow authenticated remote...

PT-2026-40377

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Command injection flaws exist in the web-based management interface of the operating systems. An authenticated remote attacker can exploit these issues to...

Siemens RUGGEDCOM 操作系统命令注入漏洞

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...

CVE-2026-31226

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection, and they could allow...

PT-2026-40261

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection in the web-based management...

EFW Framework 操作系统命令注入漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions prior to EFW Framework 4.08.010 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the lack of...

Dell PowerScale InsightIQ 操作系统命令注入漏洞

Dell PowerScale InsightIQ is a powerful performance monitoring and reporting tool developed by the American company Dell. Versions 6.0.0 to 6.2.0 of Dell PowerScale InsightIQ contain an operating system command injection vulnerability. This vulnerability stems from improper neutralization of...

PT-2026-40448

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Command injection flaws exist in the command line interface CLI service accessed via the PAPI protocol. An authenticated remote attacker can exploit these...

EFW Framework 命令注入漏洞

EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained a command injection vulnerability. This vulnerability stemmed from the lack of proper path checking in...

PT-2026-40110

Name of the Vulnerable Software and Affected Versions FortiAP versions 7.6.0 through 7.6.2 FortiAP versions 7.4.0 through 7.4.5 FortiAP version 7.2 FortiAP version 7.0 FortiAP version 6.4 FortiAP-W2 versions 7.4.0 through 7.4.4 FortiAP-W2 version 7.2 FortiAP-W2 version 7.0 Description An OS comma...

AXIS OS 安全漏洞

AXIS OS is an operating system for edge devices developed by Axis, a Swedish company. There is a security vulnerability in AXIS OS, which stems from insufficient input validation in configuration files. This vulnerability may lead to command injection and potentially allow for privilege escalatio...

Siemens多款产品 操作系统命令注入漏洞

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Several Siemens products have vulnerabilities related to operating system command injection. These...

Fortinet FortiAP 操作系统命令注入漏洞

Fortinet FortiAP is a controller designed by the American company Fortinet for managing wireless access point devices. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.5, all versions of 7.2, all versions of 7.0, all versions of 6.4, as well as versions 7.0.0 to 7.0.5 of FortiAP-U, all versions of 6.2, and...

PT-2026-40381

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description A command injection flaw in the web-based management interface allows an authenticated remote attacker to place arbitrary files on the underlying filesyst...

PT-2026-40375

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Command injection flaws exist in the web-based management interface of the operating systems. An authenticated remote attacker can exploit these issues to...

PT-2026-40378

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description Command injection flaws exist in the web-based management interface of the operating systems. An authenticated remote attacker can exploit these issues to...

PT-2026-40340

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...