Lucene search
K

412 matches found

Cvelist
Cvelist
added 2026/04/05 1:15 a.m.32 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/03 6:9 a.m.12 views

Multiple vulnerabilities in NEC Aterm series (NV26-001)

Overview Aterm series products provided by NEC Corporation contain multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2026-4309 Path traversal CWE-22 - CVE-2026-4619 OS command injection CWE-78 - CVE-2026-4620, CVE-2026-4622 Hidden functionality CWE-912 - CVE-2026-4621 The...

9.8CVSS5.9AI score0.00996EPSS
Exploits0References10
EUVD
EUVD
added 2026/03/31 10:27 p.m.4 views

EUVD-2026-17255

baserCMS has OS Command Injection Leading to Remote Code Execution RCE...

9.1CVSS6AI score0.02282EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.5 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.01659EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/30 5:0 p.m.27 views

CVE-2026-5125 raine consult-llm-mcp server.ts child_process.execSync os command injection

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function childprocess.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in os command injection. The attack is only possible with local...

5.3CVSS0.0083EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/27 3:30 p.m.2 views

EUVD-2026-16600

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

9.8CVSS6.2AI score0.01376EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/19 6:23 p.m.223 views

Exploit for OS Command Injection in Apache Tomcat

ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...

9.3CVSS7.5AI score0.99652EPSS
Exploits9
Cvelist
Cvelist
added 2026/03/16 5:2 p.m.40 views

CVE-2026-4253 Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function routesetuserpolicyrule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack...

5.8CVSS0.06532EPSS
Exploits2References5
OSV
OSV
added 2026/03/11 12:37 a.m.7 views

GHSA-GV8F-WPM2-M5WR @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection Download: cveclaudecodeuisubmissionv2.zip  Submission Info | Field | Value | |-------|-------| | Package | @siteboon/claude-code-ui | | Ecosystem | npm | | Affected versions | =...

8.7CVSS6.2AI score0.03433EPSS
Exploits1References5
OSV
OSV
added 2026/03/08 1:15 a.m.5 views

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

9.8CVSS5.6AI score0.01922EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/06 7:8 a.m.36 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS0.02132EPSS
Exploits2References1
CVE
CVE
added 2026/03/02 3:17 p.m.13 views

CVE-2025-50196

Chamilo LMS prior to 1.11.30 is affected by an issue in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. The vulnerability allowed exploitation that could lead to arbitrary SQL queries being executed. It is patched in version 1.11.30; update to 1.11.30 or later to rem...

7.2CVSS5.9AI score0.02746EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 3:16 p.m.2 views

CVE-2025-50193

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...

7.2CVSS5.9AI score0.02603EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/27 3:30 a.m.4 views

EUVD-2026-8976

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8.8CVSS6.5AI score0.01897EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 3:30 a.m.7 views

EUVD-2026-8978

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS6.3AI score0.01897EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 3:30 a.m.6 views

EUVD-2026-8980

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8CVSS6AI score0.01934EPSS
Exploits0References4
NVD
NVD
added 2026/02/27 1:16 a.m.10 views

CVE-2026-21389

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route...

8.8CVSS0.01489EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 12:52 a.m.3 views

CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

8CVSS6.6AI score0.01897EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:47 a.m.4 views

CVE-2026-24689

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action...

8.8CVSS6.4AI score0.01518EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 12:46 a.m.23 views

CVE-2026-20910 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update action to achieve remote code execution...

8CVSS0.01489EPSS
Exploits0References3
Rows per page
Query Builder