Lucene search
+L

179 matches found

CVE
CVE
added 2026/04/30 6:35 p.m.27 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

7.5CVSS5.7AI score0.00547EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.37 views

CVE-2026-7446 VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

7.5CVSS0.01394EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 a.m.3 views

CVE-2026-7203 Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

10CVSS8.2AI score0.02448EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.8 views

PT-2026-33766

Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS Command Injection flaw in the user interface allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References3
CVE
CVE
added 2026/04/17 8:25 p.m.14 views

CVE-2026-23500

Dolibarr Dolibarr ERP/CRM prior to 23.0.0 is vulnerable to OS Command Injection via MAIN_ODT_AS_PDF in odf.php. An authenticated administrator can inject arbitrary commands by injecting into the MAIN_ODT_AS_PDF configuration constant, using command separators to execute as the web server user whe...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “enable” in the file...

10CVSS7.3AI score0.02981EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.11 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an operation on the sambaEnabled parameter in the setStorageCfg...

10CVSS7.3AI score0.01803EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations performed by the setVpnPassCfg function in the...

10CVSS7.3AI score0.15952EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.11 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an operation on the mode parameter in the setWiFiAclRules...

10CVSS7.3AI score0.01766EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from an incorrect operation of the setIpv6LanCfg function in the...

10CVSS7.3AI score0.14277EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 6:58 p.m.3 views

CVE-2026-35020

This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model of CLI tools...

6.2AI score0.00114EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/06 6:58 p.m.25 views

CVE-2026-35020

...

0.00114EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/05 1:15 a.m.34 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.5 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.01659EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/30 5:0 p.m.28 views

CVE-2026-5125 raine consult-llm-mcp server.ts child_process.execSync os command injection

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function childprocess.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in os command injection. The attack is only possible with local...

5.3CVSS0.0083EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/27 3:30 p.m.3 views

EUVD-2026-16600

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

9.8CVSS6.2AI score0.01376EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/19 6:23 p.m.235 views

Exploit for OS Command Injection in Apache Tomcat

ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...

9.3CVSS7.5AI score0.99652EPSS
Exploits10
OSV
OSV
added 2026/03/08 1:15 a.m.5 views

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

9.8CVSS5.6AI score0.01922EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/06 7:8 a.m.37 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS0.02132EPSS
Exploits2References1
EUVD
EUVD
added 2026/02/27 3:30 a.m.5 views

EUVD-2026-8976

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8.8CVSS6.5AI score0.01897EPSS
Exploits0References4
Rows per page
Query Builder