20 matches found
Western Digital MyCloud NAS - Command Injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data. id: CVE-2016-10108 info: name: Western Digital MyCloud NAS - Command Injection author: DhiyaneshDk severity: critical...
CVE-2026-7316
A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...
TRENDnet TEW-657BRM add_wps_client function OS command injection vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM add_wps_client function, which originates from a misuse of the add_wps_client function parameter wlenroleepin in the file /setup.cgi, and can be exploited by an attacker to...
CVE-2025-66178
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated...
EUVD-2025-29170
Malicious code in bioql PyPI...
CVE-2025-11096
The CVE-2025-11096 entry concerns D-Link DIR-823X (version 250416) and a command-injection flaw in the /goform/diag_traceroute handler. The root cause is manipulation of the target_addr argument, enabling remote code execution. The vulnerability is reported as exploitable remotely and an exploit ...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
VulnCheck KEV: CVE-2022-37056
D-Link GO-RT-AC750 GORTAC750revAv101b03 and GO-RT-AC750revBFWv200b02 is vulnerable to an operating system command injection vulnerability...
Qnap QTS OS Command Injection (CVE-2021-28804)
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc...
Command Injection Vulnerability in Multiple D-Link Products
The D-Link DNS-325 and others are NAS (Network Attached Storage) devices from China-based D-Link. A command injection vulnerability exists in various D-Link products, which originates from the fmodulename parameter of the moduleenabledisable function in the...
UBUNTU-CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
CVE-2022-35844
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted argument...
CVE-2022-24390
Vulnerability in rconfig “remotetextfile” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fideli...
CVE-2022-25328
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
Echo ShareCare Parameter Injection Vulnerability
ShareCare is a clinical and financial software system from Echo Group. A security vulnerability exists in Echo ShareCare version 8.15.5, which stems from the UnzipFile function in "Access/EligFeedParseSup/UnzipFileUpd.cfm", which is susceptible to a command parameter injection vulnerability when...
CVE-2018-20334
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...
Exploit for OS Command Injection in Webmin
CVE-2019-15107 Webmin RCE Failed to change password : The c...
Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns
No description provided by source. Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...
k_shoutBox <= 4.4 Remote File Inclusion Vulnerability
No description provided by source. Kurdish Security ShoutBox Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : ShoutBox Site : http://www.knusperleicht.at Code : // // INCLUDE PATH define'SBINCLUDEPATH',...