9777 matches found
CVE-2021-27104
Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...
CVE-2021-27201
Endian Firewall Community aka EFW 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment...
EUVD-2026-16587
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4620
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4620
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4622
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4622
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
EUVD-2026-16543
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...
CVE-2026-27650
CVE-2026-27650: OS Command Injection in BUFFALO Wi‑Fi router products. Connected sources confirm a remote, unauthenticated OS command injection risk with potential arbitrary command execution and device takeover. Affected versions are not specified in available details; exploit is described as oc...
CVE-2026-27650
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...
PT-2026-28355
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description An OS Command Injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow an attacker to execute arbitrary OS commands on...
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
CVE-2026-30303
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
CVE-2026-26213
The CVE-2026-26213 issue affects thingino-firmware up to firmware-2026-03-16, where an unauthenticated OS command injection exists in the WiFi captive portal CGI script. An attacker can inject malicious code through unsanitized HTTP parameter names, exploiting eval in parse_query() and parse_post...
CVE-2025-15519
Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...
CVE-2025-66178
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated...
CVE-2026-25836
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...
CVE-2026-32968
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
CVE-2026-33478
WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without...