Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9777 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/29 10:51 a.m.8 views

CVE-2025-41270

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.00368EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 10:48 a.m.6 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS6.1AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/29 10:48 a.m.31 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS0.00306EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 10:48 a.m.33 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00306EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 10:48 a.m.13 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-44812

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.8 views

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

9.9CVSS6.4AI score0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.9 views

PT-2026-44813

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.8 views

PT-2026-44815

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote...

9.8CVSS6.1AI score0.00368EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.9 views

PT-2026-44814

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.10 views

PT-2026-44810

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote...

9.8CVSS6.1AI score0.00368EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.10 views

PT-2026-44817

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/28 3:46 p.m.30 views

CVE-2026-44477 CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

9.4CVSS0.00045EPSS
Exploits0References2
CVE
CVEadded 2026/05/28 3:46 p.m.14 views

CVE-2026-44477

CVE-2026-44477 affects CloudNativePG prior to 1.29.1 and 1.28.3. The metrics exporter opens a PostgreSQL connection as the superuser and demotes to pg_monitor with SET ROLE, but the session_user remains postgres. Any SQL in the scrape session can call RESET ROLE to recover superuser privileges, t...

9.9CVSS5.9AI score0.00045EPSS
Exploits0References2Affected Software1
Nuclei
Nucleiadded 2026/05/28 5:39 a.m.88 views

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

10CVSS7.8AI score0.94207EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/05/27 9:32 p.m.34 views

CVE-2026-45322 OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...

7.8CVSS0.00067EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/27 8:13 p.m.10 views

CVE-2026-9385

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be...

10CVSS7AI score0.01254EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 2:16 p.m.8 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS0.00074EPSS
Exploits0References3
Nuclei
Nucleiadded 2026/05/27 12:33 a.m.32 views

Zyxel Firewall - OS Command Injection

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1...

10CVSS7.6AI score0.94445EPSS
Exploits25References5
ATTACKERKB
ATTACKERKBadded 2026/05/27 12:0 a.m.5 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS6AI score0.00074EPSS
Exploits0References4
Rows per page
Query Builder