CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70843 matches found

EUVD•added 2026/05/04 7:10 p.m.•5 views

EUVD-2026-27120

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

9.3CVSS6.1AI score0.02615EPSS

Exploits0References3

CVE•added 2026/05/04 7:10 p.m.•14 views

CVE-2026-41923

CVE-2026-41923 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is an OS command injection in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter....

9.3CVSS6.1AI score0.02615EPSS

Exploits0References3

ATTACKERKB•added 2026/05/04 7:10 p.m.•6 views

CVE-2026-41923

9.3CVSS6.1AI score0.02615EPSS

Exploits0References4

Cvelist•added 2026/05/04 7:10 p.m.•32 views

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

9.3CVSS0.02615EPSS

Exploits0References3

Vulnrichment•added 2026/05/04 7:10 p.m.•5 views

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

9.3CVSS6.1AI score0.02615EPSS

Exploits0References3

Cvelist•added 2026/05/04 7:4 p.m.•40 views

CVE-2026-41922 WDR201A WiFi Extender OS Command Injection via wireless.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

9.3CVSS0.04983EPSS

Exploits0References3

EUVD•added 2026/05/04 7:4 p.m.•3 views

EUVD-2026-27117

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allow unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

9.3CVSS6.6AI score0.04983EPSS

Exploits0References3

IBM Security Bulletins•added 2026/05/04 5:28 p.m.•4 views

Security Bulletin: TSSC/IMC is vulnerable to OS Command Injection

Summary TSSC/IMC is vulnerable to an OS Command Injection CWE-78 attack on a HTTP/HTTPS endopoint. Vulnerability Details CVEID:CVE-2026-5935 DESCRIPTION: TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation...

9.8CVSS6.1AI score0.0034EPSS

Exploits0Affected Software1

NVD•added 2026/05/04 5:16 p.m.•8 views

CVE-2026-42076

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

9.8CVSS0.01305EPSS

Exploits0References2

CVE•added 2026/05/04 4:48 p.m.•21 views

CVE-2026-42076

CVE-2026-42076 affects Evolver, a GEP-powered self-evolving engine for AI agents. A command injection flaw exists in the _extractLLM() function prior to version 1.69.3: the code builds a curl command via string concatenation and passes it to execSync() without proper sanitization, enabling remote...

9.8CVSS6.7AI score0.01305EPSS

Exploits0References2

ATTACKERKB•added 2026/05/04 4:48 p.m.•1 views

CVE-2026-42076

9.8CVSS6.7AI score0.01305EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/04 4:48 p.m.•5 views

CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

9.8CVSS6.7AI score0.01305EPSS

Exploits0References2

Cvelist•added 2026/05/04 4:48 p.m.•32 views

CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

9.8CVSS0.01305EPSS

Exploits0References2

EUVD•added 2026/05/04 4:48 p.m.•11 views

EUVD-2026-27009

9.8CVSS6.7AI score0.01305EPSS

Exploits0References2

NVD•added 2026/05/04 12:16 p.m.•11 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.01182EPSS

Exploits0References2

Vulnrichment•added 2026/05/04 11:53 a.m.•4 views

CVE-2026-3120 RCE in Profelis Informatics' SambaBox

7.2CVSS5.8AI score0.01182EPSS

Exploits0References2

EUVD•added 2026/05/04 11:53 a.m.•6 views

EUVD-2026-26945

7.2CVSS5.8AI score0.01182EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 10:47 a.m.•3 views

CVE-2026-7246

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system OS commands. This could lead to unauthorized control over the affected system...

7.2CVSS6AI score0.00665EPSS

Exploits1References5

OSV•added 2026/05/04 10:46 a.m.•4 views

OPENSUSE-SU-2026:20670-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources bsc1255768. - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definiti...

8.8CVSS6.2AI score0.01256EPSS

Exploits4References6

OSV•added 2026/05/04 10:45 a.m.•5 views

SUSE-SU-2026:21542-1 Security update for php-composer2

8.8CVSS6.2AI score0.01256EPSS

Exploits4References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by