Lucene search
K

459 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/30 8:38 a.m.6 views

CVE-2026-21418

Dell Unity, versions 5.5.2 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/30 8:27 a.m.3 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 8:16 a.m.4 views

CVE-2026-20759

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low"monitoring user" or higher privilege to execute an arbitrary OS command...

8.8CVSS7.2AI score0.01503EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 7:25 p.m.6 views

CVE-2026-21267

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

8.6CVSS7.7AI score0.00716EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2025-69269

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier...

9.8CVSS7.1AI score0.0079EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-0855

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

8.8CVSS7.6AI score0.01081EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/13 6:25 p.m.6 views

CVE-2026-21267 Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

8.6CVSS7.4AI score0.00716EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 4:32 p.m.29 views

CVE-2025-64155

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...

9.8CVSS0.42649EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/01/12 5:58 a.m.4 views

CVE-2026-0854 Merit LILIN|NVR - OS Command Injection

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

8.8CVSS7.3AI score0.01025EPSS
Exploits0References2
CVE
CVE
added 2026/01/10 8:2 a.m.16 views

CVE-2025-15502

The CVE-2025-15502 entry affects Sangfor Operation and Maintenance Management System up to version 3.0.8. The vulnerability lies in the SessionController function at /isomp-protocol/protocol/session, where manipulating the Hostname argument enables OS command injection. It is exploitable remotely...

9.8CVSS6.6AI score0.05577EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/01/09 3:31 p.m.22 views

CVE-2025-46644

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization...

6CVSS0.00509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.9 views

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

8.8CVSS7.5AI score0.01025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.9 views

CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...

9CVSS6.9AI score0.01343EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 5:51 a.m.4 views

EUVD-2025-204038

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

8.6CVSS7.1AI score0.01261EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3CVSS8.1AI score0.0107EPSS
Exploits0References7
CVE
CVE
added 2025/12/13 6:32 a.m.16 views

CVE-2025-14586

CVE-2025-14586 affects TOTOLINK X5000R 9.1.0cu.2089_B20211224. The vulnerability is in snprintf in /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, where manipulation of the User argument leads to an OS command injection. Remote exploitation is possible and has been publicly disclosed. Connected...

9.8CVSS6.4AI score0.0246EPSS
In wildExploits1References5Affected Software1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.5 views

TOTOLINK X5000R 操作系统命令注入漏洞

TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK X5000R version 9.1.0cu.2089B20211224, which stems from incorrect operation of the parameter User in the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, which could...

9.8CVSS6.8AI score0.0246EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.3 views

CVE-2025-56092

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8CVSS7.9AI score0.02486EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.7 views

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

8.8CVSS7.9AI score0.0203EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 7:15 p.m.6 views

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

8.8CVSS0.01809EPSS
Exploits1References2
Rows per page
Query Builder