9777 matches found
CVE-2026-28417
Vim (Vi IMproved) is affected by CVE-2026-28417 due to an OS command injection in the built-in netrw plugin. The vulnerability allows an attacker who entices a user to open a crafted URL (for example via scp://) to execute arbitrary shell commands with the Vim process privileges. Affected version...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21654 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
CVE-2026-21654
CVE-2026-21654 affects Johnson Controls Frick Controls Quantum HD (versions up to 10.22). Root cause: improper neutralization/validation of input leading to OS Command Injection. Impact: pre-authentication remote code execution and potential full device compromise; affected components/parameters ...
EUVD-2026-8958
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route...
EUVD-2026-8974
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...
EUVD-2026-8955
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution...
EUVD-2026-8951
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body...
EUVD-2026-8946
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route...
EUVD-2026-8956
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route...
EUVD-2026-8945
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution...
CVE-2026-25196
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
CVE-2026-25037
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...
CVE-2026-23702
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...
CVE-2026-25111
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route...
CVE-2026-24695
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code executio...
CVE-2026-25195
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route...
CVE-2026-24517
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route...