Lucene search
+L

7962 matches found

nuclei
nuclei
added 3 days ago59 views

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument starthour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised syste...

9.8CVSS7.1AI score0.79513EPSS
Exploits1References4
ptsecurity
ptsecurity
added 3 days ago5 views

PT-2026-57817

Name of the Vulnerable Software and Affected Versions Vitec Flamingo version 4.12.2 Description An unauthenticated OS command injection exists in the 'admin/ajax/gen graphs.php' endpoint. Remote attackers can execute arbitrary commands with root privileges by providing shell metacharacters throug...

9.8CVSS6.3AI score0.02165EPSS
Exploits0References10
cvelist
cvelist
added 4 days ago35 views

CVE-2026-15511 Comfast CF-WR631AX V3 FastCGI Backend webmgnt system_wl_upload_pic_file os command injection

A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function systemwluploadpicfile of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argument filename causes os command injection. It is possible to...

10CVSS0.0269EPSS
Exploits0References5
cve
cve
added 4 days ago14 views

CVE-2026-15496

SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
cve
cve
added 4 days ago12 views

CVE-2026-15495

The vulnerability CVE-2026-15495 affects SonicCloudOrg sonic-agent up to version 2.7.2, specifically in the Android WebSocket Server component’s AndroidWSServer.java. The issue arises from manipulating the path argument, causing os command injection. It is remotely exploitable and has public disc...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
euvd
euvd
added 4 days ago6 views

EUVD-2026-43217

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
cvelist
cvelist
added 6 days ago31 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
cve
cve
added 6 days ago16 views

CVE-2026-56688

Dell PowerFlex Manager (versions before 5.1.0.1) is vulnerable to an OS Command Injection via OS Repository processing, caused by improper neutralization of special elements. A remote, high-privileged attacker could execute arbitrary commands as root, potentially causing full appliance compromise...

9.1CVSS6.3AI score0.01285EPSS
Exploits0References1Affected Software1
cve
cve
added 6 days ago9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
cve
cve
added 6 days ago7 views

CVE-2026-41876

CVE-2026-41876 affects R-SOFT DMS. The vulnerability is an OS Command Injection in konwertujAction(), where the document converter executes shell commands using unsanitized file paths and format parameters, allowing an authenticated attacker to run arbitrary commands with the web server user’s pr...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago34 views

CVE-2026-41876 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS0.01228EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 4:25 p.m.39 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS0.01803EPSS
Exploits0References4
osv
osv
added 2026/07/08 4:25 p.m.4 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

7.7CVSS6.3AI score0.01803EPSS
Exploits0References7
cve
cve
added 2026/07/08 4:25 p.m.21 views

CVE-2026-60102

The vulnerability is in Horde VFS API before 3.0.1, specifically the Horde_Vfs_Smb driver. The _escapeShellCommand() function fails to sanitize command substitution, allowing authenticated attackers to inject arbitrary shell commands via user-controlled filenames. Malicious filenames containing u...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 3:32 p.m.7 views

EUVD-2026-42291

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
cve
cve
added 2026/07/08 1:15 p.m.10 views

CVE-2026-15033

Technical details (affected product/version, root cause, exploit details, or remediation) are not publicly provided in the supplied documents; monitor for updates.

6.5CVSS6.3AI score0.01067EPSS
Exploits0References6
osv
osv
added 2026/07/08 12:6 p.m.3 views

RLSA-2026:36189 Important: perl-HTTP-Daemon security update

The perl-HTTP-Daemon package includes the HTTP::Daemon class, a subclass of IO::Socket::IP. Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. Security Fixes: perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in...

8.1CVSS6.4AI score0.01452EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56586

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 12.1.8 PAN-OS versions prior to 11.2.13 PAN-OS versions prior to 11.1.16 PAN-OS versions prior to 10.2.18-h8 Description A command injection issue exists in the management plane of the software, specifically within the...

8.5CVSS6.2AI score0.014EPSS
Exploits0References6
cve
cve
added 2026/07/08 12:0 a.m.9 views

CVE-2026-24697

Summary: CVE-2026-24697 is an OS command injection in the rc binary's start_bonjour() on Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8). The issue stems from improper sanitization of the wan_hostname configuration parameter, potentially allowing an authenticated re...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/07/07 7:16 p.m.10 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS0.01372EPSS
Exploits0References2
Rows per page
Query Builder