Lucene search
K

19628 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/02/04 12:0 a.m.88 views

VulnCheck KEV: CVE-2025-14586

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible...

9.8CVSS5.6AI score0.0246EPSS
In wildExploits1References2
NVD
NVD
added 2026/02/03 7:16 p.m.15 views

CVE-2026-1802

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

7.5CVSS0.02744EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 7:2 p.m.3 views

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

7.5CVSS5.4AI score0.02744EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 7:2 p.m.29 views

CVE-2026-1802 Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command injection

A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This issue affects the function macAddrClone of the file luci\controller\api\zrMacClone.lua. The manipulation of the argument macType results in command injection. The attack may be launched remotely. The exploit has been released...

7.5CVSS0.02744EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 7:2 p.m.13 views

CVE-2026-1802

Summary (CVE-2026-1802) : Ziroom ZHOME A0101 (version 1.0.1.0) is affected by a command injection in the macAddrClone function from luci/controller/api/zrMacClone.lua, caused by unsafe handling of the macType argument. This enables remote exploitation as described in multiple sources. The exploit...

7.5CVSS7.2AI score0.02744EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/03 7:4 a.m.6 views

openssh: potential command injection via shell metacharacters

A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters...

6.5CVSS7.6AI score0.19753EPSS
Exploits7References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6060

Name of the Vulnerable Software and Affected Versions Ziroom ZHOME A0101 version 1.0.1.0 Description A security flaw exists in Ziroom ZHOME A0101. The issue is due to command injection resulting from the manipulation of the macType argument within the macAddrClone function located in the...

7.5CVSS5.3AI score0.02744EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/02 11:41 p.m.15 views

OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

Two related vulnerabilities existed in the macOS application's SSH remote connection handling CommandResolver.swift: Details The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...

7.7CVSS6.4AI score0.00935EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/02 11:41 p.m.2 views

GHSA-Q284-4PVR-M585 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

Two related vulnerabilities existed in the macOS application's SSH remote connection handling CommandResolver.swift: Details The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...

7.7CVSS6.5AI score0.00935EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/31 9:14 p.m.5 views

CVE-2026-1689

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS7AI score0.02537EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/31 9:14 p.m.4 views

CVE-2026-1687

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS6.9AI score0.026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/31 9:12 a.m.9 views

CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

10CVSS6.2AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.9 views

CVE-2026-1624

A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fotaurl leads to command injection. The attack can be launched remotely. The exploit has been disclose...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.14 views

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

8.8CVSS5.7AI score0.02568EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/31 12:30 a.m.6 views

EUVD-2020-30949

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS6.5AI score0.02255EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.1 : emacs (EulerOS-SA-2026-1112)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted...

8.8CVSS6.2AI score0.02679EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2026-1163)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted...

8.8CVSS6.2AI score0.02679EPSS
Exploits0References3
OSV
OSV
added 2026/01/30 11:16 p.m.3 views

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS6.3AI score
Exploits0References4
NVD
NVD
added 2026/01/30 11:16 p.m.5 views

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS0.02255EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.2 views

CVE-2020-37027 Sickbeard 0.1 - Remote Command Injection

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS6.4AI score0.02255EPSS
Exploits0References4
Rows per page
Query Builder