Lucene search
+L

179 matches found

euvd
euvd
added 2026/02/27 3:30 a.m.9 views

EUVD-2026-8980

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8CVSS6AI score0.01934EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/27 12:46 a.m.24 views

CVE-2026-20910 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update action to achieve remote code execution...

8CVSS0.01489EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/27 12:0 a.m.10 views

PT-2026-22270

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An OS command injection issue exists, allowing an authenticated attacker to execute code remotely. This is achieved by providing malicious input through the device hostname configuration during...

8.8CVSS6.3AI score0.01934EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/02/26 10:52 p.m.3 views

CVE-2026-28269 Kiteworks Core has an OS Command Injection

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

5.9CVSS6.2AI score0.01951EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/25 12:0 a.m.11 views

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities...

9.8CVSS5.9AI score0.00314EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/13 3:39 a.m.5 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

8.8CVSS5.9AI score0.04974EPSS
Exploits0References2
nvd
nvd
added 2026/02/08 9:15 a.m.15 views

CVE-2026-2143

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

8.6CVSS0.04317EPSS
Exploits1References5
euvd
euvd
added 2026/02/06 6:12 p.m.9 views

EUVD-2025-206884

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

9.4CVSS6AI score0.01755EPSS
Exploits13References1
osv
osv
added 2026/02/06 6:12 p.m.6 views

CVE-2025-69212 OpenSTAManager has an OS Command Injection in P7M File Processing

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

9.4CVSS6AI score0.01755EPSS
Exploits13References3
github
github
added 2026/02/06 5:59 p.m.21 views

OpenSTAManager has an OS Command Injection in P7M File Processing

Summary A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...

9.4CVSS6.1AI score0.01755EPSS
Exploits13References3Affected Software1
redhatcve
redhatcve
added 2026/02/03 9:19 p.m.5 views

CVE-2026-0631

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8.5CVSS6.1AI score0.01293EPSS
Exploits0References1
nvd
nvd
added 2026/02/02 6:16 p.m.11 views

CVE-2026-0630

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...

8.5CVSS0.01296EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/01/30 8:38 a.m.8 views

CVE-2026-21418

Dell Unity, versions 5.5.2 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/01/30 8:27 a.m.4 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/14 7:25 p.m.6 views

CVE-2026-21267

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

8.6CVSS7.7AI score0.00716EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/12 5:58 a.m.5 views

CVE-2026-0854 Merit LILIN|NVR - OS Command Injection

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

8.8CVSS7.3AI score0.01025EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 8:57 a.m.10 views

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

8.8CVSS7.5AI score0.01025EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:41 a.m.11 views

CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...

9CVSS6.9AI score0.01343EPSS
Exploits0References1
euvd
euvd
added 2025/12/18 5:51 a.m.5 views

EUVD-2025-204038

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

8.6CVSS7.1AI score0.01261EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/12/15 12:0 a.m.13 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3CVSS8.1AI score0.01018EPSS
Exploits0References7
Rows per page
Query Builder