Lucene search
+L

413 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/30 8:27 a.m.4 views

CVE-2026-22277

Dell UnityVSA, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

7.8CVSS6.1AI score0.00599EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 7:25 p.m.6 views

CVE-2026-21267

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

8.6CVSS7.7AI score0.00716EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/12 5:58 a.m.5 views

CVE-2026-0854 Merit LILIN|NVR - OS Command Injection

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

8.8CVSS7.3AI score0.01025EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.4 views

Broadcom DX NetOps Spectrum 安全漏洞

Broadcom DX NetOps Spectrum is a network fault management and condition monitoring platform from Broadcom Corporation USA. A security vulnerability exists in Broadcom DX NetOps Spectrum version 23.3.6 and earlier, which stems from improper neutralization of a special element and could lead to OS...

9.8CVSS6.8AI score0.0079EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.7 views

CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...

10CVSS9.8AI score0.79673EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.7 views

CVE-2023-4711

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

8.1CVSS7AI score0.05769EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.10 views

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

8.8CVSS7.5AI score0.01025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.11 views

CVE-2022-0999

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...

9CVSS6.9AI score0.01343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 1:10 a.m.10 views

CVE-2025-11774

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...

8.2CVSS7AI score0.005EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 5:51 a.m.5 views

EUVD-2025-204038

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

8.6CVSS7.1AI score0.01283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.14 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions Wp2Fac version 1.0 Description The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3CVSS8.1AI score0.01018EPSS
Exploits0References7
CVE
CVE
added 2025/12/13 6:32 a.m.20 views

CVE-2025-14586

CVE-2025-14586 affects TOTOLINK X5000R 9.1.0cu.2089_B20211224. The vulnerability is in snprintf in /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, where manipulation of the User argument leads to an OS command injection. Remote exploitation is possible and has been publicly disclosed. Connected...

9.8CVSS6.4AI score0.02503EPSS
In wildExploits1References5Affected Software1
Veracode
Veracode
added 2025/12/13 5:8 a.m.7 views

OS Command Injection

Jenkins Git Client Plugin is vulnerable to OS Command Injection. The vulnerability is due to improper escaping of the workspace directory path when constructing arguments in a temporary shell script, where an attacker who can control the workspace directory name can inject and execute arbitrary...

5CVSS5.8AI score0.00186EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.4 views

CVE-2025-56092

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8CVSS7.9AI score0.02582EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.11 views

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

8.8CVSS7.9AI score0.02108EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 9:31 p.m.7 views

EUVD-2025-202723

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

7.3AI score0.02769EPSS
Exploits1References4
NVD
NVD
added 2025/12/11 7:15 p.m.8 views

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

8.8CVSS0.01879EPSS
Exploits1References2
NVD
NVD
added 2025/12/11 6:16 p.m.6 views

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

8.8CVSS0.02729EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/11 12:0 a.m.6 views

EUVD-2025-202751

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

7.3AI score0.02578EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.9 views

PT-2025-50675

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...

8.8CVSS7.1AI score0.02582EPSS
Exploits1References5
Rows per page
Query Builder