9777 matches found
EUVD-2026-23165
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-6349
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-6349
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-6349 HGiga|iSherlock - OS Command Injection
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-6349
CVE-2026-6349 affects HGiga’s iSherlock. The connected records report an OS Command Injection vulnerability that enables unauthenticated attackers to inject and execute arbitrary OS commands on the server. The CVSS metadata indicates a critical impact (base score 10.0) with network access, low at...
HGiga iSherlock 安全漏洞
HGiga iSherlock is a series of software products developed by the Chinese company HGiga. HGiga iSherlock has a security vulnerability, which stems from OS command injection, potentially allowing for the execution of arbitrary OS commands...
EUVD-2026-23031
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
PT-2026-33132
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-35196
Chamilo LMS vulnerable to OS Command Injection prior to 2.0.0-RC.3. The flaw resides in the gradebook.ajax.php endpoint (export_all_certificates action), where the course code is taken from $_SESSION['_cid'] via api_get_course_id() and concatenated into a shell_exec() command without sanitization...
EUVD-2026-22338
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...
CVE-2026-39808
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...
CVE-2026-27675
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...
CVE-2026-27675
CVE-2026-27675 affects SAP Landscape Transformation via an RFC-exposed function module that could allow a high-privilege attacker to inject arbitrary ABAP code and operating-system commands. The described impact is limited: confidentiality and availability are unaffected, while integrity could be...
EUVD-2026-21990
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...
CVE-2026-34188
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-34188 OS Command Injection in Event Response Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30806 OS Command Injection in Network Report leads to Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...