CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.6CVSS6.1AI score0.0037EPSS

Acer Predator Connect W6x 代码注入漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a code injection vulnerability, which stems from allowing injections and execution of arbitrary shell commands...

9.9CVSS6.1AI score0.00758EPSS

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from authenticated OS command injections at the WebSocket endpoints, allowing any member of an...

CNNVD•added 2026/05/29 12:0 a.m.•10 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the tRPC endpoint of application.updateTraefikConfig, where authenticated OS commands cou...

9CVSS6.1AI score0.00763EPSS

CNNVD•added 2026/05/29 12:0 a.m.•9 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

8.8CVSS5.8AI score0.00841EPSS

CNNVD•added 2026/05/29 12:0 a.m.•8 views

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the peerPin parameter in the goform/formWPS file, which allows for command execution by remote attacker...

6.5CVSS6.7AI score0.0501EPSS

Exploits1References4

OSSF Malicious Packages•added 2026/05/29 12:0 a.m.•12 views

Malicious code in @t-in-one/safe_local_storage_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44819

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

7.5CVSS6AI score0.00505EPSS

OSV•added 2026/05/29 12:0 a.m.•8 views

MAL-2026-5046 Malicious code in @t-in-one/send_add_application (npm)

5.8AI score

OSV•added 2026/05/29 12:0 a.m.•9 views

MAL-2026-5035 Malicious code in @t-in-one/add_application_service_token (npm)

5.8AI score

CNNVD•added 2026/05/29 12:0 a.m.•9 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

7.8CVSS6AI score0.00505EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•12 views

PT-2026-44904

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.2 Description An authenticated user can execute arbitrary OS commands on the host system through the Docker file upload functionality. The issue occurs because the destinationPath parameter is not properly...

9.9CVSS6.2AI score0.00866EPSS

Exploits0References3

CNNVD•added 2026/05/29 12:0 a.m.•8 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

9.8CVSS6.1AI score0.0138EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44805

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Administration WebUI, which allows remote authenticated attackers to execute arbitrary operating system commands on the host. OS Comma...

8.5CVSS6.1AI score0.00882EPSS

Exploits0References4

CNNVD•added 2026/05/29 12:0 a.m.•8 views

Microsoft Office SharePoint Operating System Command Injection Vulnerability

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a vulnerability related to operating system command injection. This vulnerability stems from deserialized untrusted data, which...

8CVSS6AI score0.00638EPSS

CNNVD•added 2026/05/29 12:0 a.m.•6 views

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 contained a security vulnerability; this vulnerability could allow command execution due to guest user...

8.8CVSS5.9AI score0.00332EPSS

9.8CVSS6.1AI score0.0138EPSS

Waterfall WF-500 操作系统命令注入漏洞

8.5CVSS6.1AI score0.00882EPSS

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44812

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.0138EPSS

7.8CVSS5.8AI score0.00455EPSS

JetBrains IntelliJ IDEA 操作系统命令注入漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 had a vulnerability related to operating system command injection, which stemmed from filename completion...