Lucene search
K

412 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/27 12:40 a.m.4 views

CVE-2026-25111

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route...

8.8CVSS6.4AI score0.01518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22270

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An OS command injection issue exists, allowing an authenticated attacker to execute code remotely. This is achieved by providing malicious input through the device hostname configuration during...

8.8CVSS6.3AI score0.01934EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/26 10:52 p.m.3 views

CVE-2026-28269 Kiteworks Core has an OS Command Injection

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

5.9CVSS6.2AI score0.01951EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities...

9.8CVSS5.9AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

Trivy Action 操作系统命令注入漏洞

Trivy Action is a container vulnerability scanning tool developed by Aqua Security. Versions of Trivy Action prior to 0.33.1 contain an operating system command injection vulnerability. This vulnerability arises from improper handling of input during the process of exporting environment variables...

8.1CVSS6.1AI score0.01298EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/13 3:39 a.m.5 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

8.8CVSS5.9AI score0.04974EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/08 3:2 p.m.6 views

EUVD-2026-5792

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

8.6CVSS6.7AI score0.03916EPSS
Exploits1References5
NVD
NVD
added 2026/02/08 9:15 a.m.13 views

CVE-2026-2143

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

8.6CVSS0.04317EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.7 views

Tenda G300-F 操作系统命令注入漏洞

The Tenda G300-F is a VPN router produced by the Chinese company Tenda. Versions of the Tenda G300-F starting from 16.01.14.2 and earlier have a vulnerability related to operating system command injection. This vulnerability stems from the presence of OS command injection in the WAN diagnostic...

8.8CVSS6.1AI score0.02819EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/06 6:12 p.m.9 views

EUVD-2025-206884

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

9.4CVSS6AI score0.01755EPSS
Exploits12References1
OSV
OSV
added 2026/02/06 6:12 p.m.5 views

CVE-2025-69212 OpenSTAManager has an OS Command Injection in P7M File Processing

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

9.4CVSS6AI score0.01755EPSS
Exploits12References3
Github Security Blog
Github Security Blog
added 2026/02/06 5:59 p.m.11 views

OpenSTAManager has an OS Command Injection in P7M File Processing

Summary A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...

9.4CVSS6.1AI score0.01755EPSS
Exploits12References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/04 7:55 p.m.2 views

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7CVSS5.9AI score0.00935EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.5 views

CVE-2026-0631

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8.5CVSS6.1AI score0.01293EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:56 a.m.4 views

CVE-2026-22550

OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution...

8.8CVSS7.2AI score0.01664EPSS
Exploits0References3Affected Software15
NVD
NVD
added 2026/02/02 6:16 p.m.10 views

CVE-2026-0630

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...

8.5CVSS0.01296EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/31 9:12 a.m.16 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 8:38 a.m.6 views

CVE-2026-21418

Dell Unity, versions 5.5.2 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/30 8:38 a.m.28 views

CVE-2026-21418

Dell Unity, versions 5.5.2 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS0.00599EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 8:27 a.m.4 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
Rows per page
Query Builder