19631 matches found

RedhatCVE
added 2026/06/10 8:59 a.m. | 8 views

CVE-2026-46746

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8 CVSS | 6 AI score | 0.00451 EPSS
Exploits: 0 | References: 1
NVD
added 2026/06/10 4:17 a.m. | 13 views

CVE-2025-66273

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6 CVSS | 0.01049 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/10 3:14 a.m. | 37 views

CVE-2026-24719 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6 CVSS | 0.00977 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/10 3:5 a.m. | 9 views

EUVD-2025-210100

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6 CVSS | 6 AI score | 0.01049 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/10 3:5 a.m. | 29 views

CVE-2025-66279

CVE-2025-66279 is a command-injection vulnerability affecting several QNAP OS versions. The issue allows an attacker who already has an administrator account to execute arbitrary commands remotely. Affected products/versions include QTS 5.2.9.3410 build 20260214 and later; QuTS hero h5.2.9.3410 b...

8.6 CVSS | 6 AI score | 0.01049 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2026/06/10 3:4 a.m. | 9 views

CVE-2025-66273 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6 CVSS | 6 AI score | 0.01049 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2026/06/10 12:30 a.m. | 76 views

Exploit for CVE-2026-48732

CVE-2026-48732: Warp Remote SSH cwd Command Injection PoC...

5.7 AI score | 0.01007 EPSS
Exploits: 1
CNNVD
added 2026/06/10 12:0 a.m. | 12 views

QNAP Systems QTS and QNAP Systems QuTS hero operating system command injection vulnerability

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability arises from command injections, whic...

8.6 CVSS | 6 AI score | 0.00988 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/06/09 2:30 p.m. | 29 views

CVE-2026-10727

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...

7.2 CVSS | 0.01634 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/06/09 8:46 a.m. | 10 views

EUVD-2026-35383

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8 CVSS | 6 AI score | 0.00451 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/09 8:46 a.m. | 33 views

CVE-2026-46746

Vulnerability summary (CVE-2026-46746): In Siemens SINEC INS, all versions prior to V1.0 SP2 Update 6 expose a flaw in the /api/sftp/uploadFiles endpoint. The app does not properly sanitize user input, enabling injection of shell command payloads via crafted directory names. These payloads are st...

8.8 CVSS | 6 AI score | 0.00451 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
GithubExploit
added 2026/06/09 7:43 a.m. | 40 views

injection_exploit

Injection Exploit SQLi 6 engines + SSTI 11 engines — GET/...

5.5 AI score
Exploits: 0
Positive Technologies
added 2026/06/09 12:0 a.m. | 9 views

PT-2026-47814

Name of the Vulnerable Software and Affected Versions NETGEAR Orbi 370 series versions prior to V12.1.2.7 Description A security issue exists that allows an attacker capable of intercepting and tampering with traffic between the router and the Internet to execute commands on the device. This occu...

7.5 CVSS | 6 AI score | 0.00256 EPSS
Exploits: 0 | References: 4
NVD
added 2026/06/08 6:16 p.m. | 12 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9 CVSS | 0.01614 EPSS
Exploits: 0 | References: 6
EUVD
added 2026/06/08 6:0 p.m. | 14 views

EUVD-2026-35179

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9 CVSS | 5.2 AI score | 0.01614 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2026/06/08 6:0 p.m. | 7 views

CVE-2026-11556 Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9 CVSS | 7.3 AI score | 0.01614 EPSS
Exploits: 0 | References: 6
CVE
added 2026/06/08 6:0 p.m. | 29 views

CVE-2026-11556

Affected product: Tenda F451 routers (firmware 1.0.0.7/1.0.0.9). Vulnerable component: Web Management Interface, function formWriteFacMac in /goform/WriteFacMac. Root cause: parameter manipulation of mac leads to OS command injection. Impact: remote code execution with high severity (network vect...

9 CVSS | 5.2 AI score | 0.01614 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/06/08 4:49 p.m. | 6 views

CVE-2026-25855

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat, .ps1, .sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8 CVSS | 6.7 AI score | 0.0057 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/06/08 8:58 a.m. | 11 views

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5 CVSS | 5.2 AI score | 0.00936 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/08 8:58 a.m. | 13 views

CVE-2026-11451

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5 CVSS | 7.2 AI score | 0.02027 EPSS
Exploits: 1 | References: 1