Lucene search
K

8 matches found

CVE
CVE
added 2026/06/24 3:40 a.m.13 views

CVE-2026-12850

CVE-2026-12850 affects GeoVision GV-I/O Box 4E (version 2.09) via the internal library libNetSetObj.so . The CVE documents multiple OS command injection vulnerabilities, notably in CNetSetObj::m_F_n_Set_Gate_way (and related IP, NetMask, DNS, and gateway setters). The vulnerable functions take at...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.35 views

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
NVD
NVD
added 2026/02/06 9:16 p.m.7 views

CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

8.4CVSS0.00639EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 8:56 p.m.8 views

EUVD-2026-5577

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

8.4CVSS5.4AI score0.00639EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:56 p.m.5 views

CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

8.4CVSS5.4AI score0.00639EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/10 5:44 p.m.21 views

CVE-2024-21879 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Envoy allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and 8.2.4225...

8.7CVSS0.02475EPSS
Exploits0References3
Saint
Saint
added 2012/08/24 12:0 a.m.25 views

Symantec Web Gateway pbcontrol.php Command Injection

Added: 08/24/2012 CVE: CVE-2012-2953 BID: 54426 OSVDB: 84120 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to...

10CVSS7.5AI score0.67389EPSS
Exploits9
Saint
Saint
added 2012/08/24 12:0 a.m.35 views

Symantec Web Gateway pbcontrol.php Command Injection

Added: 08/24/2012 CVE: CVE-2012-2953 BID: 54426 OSVDB: 84120 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to...

10CVSS7.5AI score0.67389EPSS
Exploits9
Rows per page
Query Builder