418 matches found

CVE
added 2 hours ago, 5 views

CVE-2026-49813

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

CVSS 6.7
Exploits: 0, References: 1

ATTACKERKB
added yesterday, 6 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $_POST['wpdbexcludetable'] valu...

CVSS 7.2, AI score 6.3, EPSS 0.02651
Exploits: 0, References: 9

CVE
added 2 days ago, 6 views

CVE-2026-34110

The CVE describes an unauthenticated OS command injection in Guardian language-system: complex_start.php passes the id GET parameter directly into exec("php jobs/complex.php ..."), unsafely incorporating $_GET['id'] without sanitization. This allows an unauthenticated attacker to append shell met...

CVSS 9.8, AI score 6.1, EPSS 0.00549
Exploits: 0, References: 2

EUVD
added 2 days ago, 6 views

EUVD-2026-41048

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

CVSS 8.8, AI score 6.4, EPSS 0.02422
Exploits: 0, References: 3

CVE
added 4 days ago, 8 views

CVE-2026-13581

Edimax EW-7478APC (firmware 1.04) is affected by CVE-2026-13581. The vulnerability is in the POST handler’s formStaDrvSetup (file /goform/formStaDrvSetup); adversaries can manipulate the rootAPmac argument to achieve OS command injection remotely. Public exploit exists. The vendor has not provide...

CVSS 6.5, AI score 6.4, EPSS 0.01158
Exploits: 0, References: 5

ATTACKERKB
added 2026/06/26 12:31 p.m., 6 views

CVE-2026-40711

Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

CVSS 8, AI score 5.9, EPSS 0.00954
Exploits: 1, References: 2

Cvelist
added 2026/06/24 5:26 p.m., 28 views

CVE-2026-54699 Warp: OS command injection when opening terminal links from WSL

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...

CVSS 7.7, EPSS 0.00436
Exploits: 0, References: 2

EUVD
added 2026/06/15 9:30 p.m., 7 views

EUVD-2026-36772

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

AI score 5.8, EPSS 0.01119
Exploits: 0, References: 2

Cvelist
added 2026/06/15 12:00 a.m., 27 views

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

EPSS 0.01571
Exploits: 0, References: 1

Tenable Nessus
added 2026/06/14 12:00 a.m., 6 views

SUSE SLES15 Security Update : hplip (SUSE-SU-2026:2380-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2380-1 advisory. This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: - CVE-2025-43023: weak code signing DSA k...

CVSS 9.8, AI score 6.4, EPSS 0.01333
Exploits: 0, References: 15

CNNVD
added 2026/06/11 12:00 a.m., 14 views

ClipBucket V5 operating system command injection vulnerability

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 140 – contained an operating system command injection vulnerability. This vulnerability stemmed from the remote playback feature allowing direct...

CVSS 9.8, AI score 5.6, EPSS 0.00603
Exploits: 0, References: 1

GithubExploit
added 2026/06/10 8:33 a.m., 79 views

Exploit for CVE-2026-10520

CVE-2026-10520 — Ivanti Sentry Mass Scanner Detection scanner...

CVSS 10, AI score 5.5, EPSS 0.99041
Exploits: 6

GithubExploit
added 2026/06/09 5:19 p.m., 46 views

Exploit for CVE-2026-46394

CVE-2026-46394 - HAXcms Git.php OS Command Injection CWE-78...

CVSS 7.7, AI score 5.9, EPSS 0.00768
Exploits: 1

CVE
added 2026/06/09 2:30 p.m., 50 views

CVE-2026-10727

Ivanti EPMM (Ivanti Endpoint Manager/Mobile EPMM) is affected by an OS command injection in versions before 12.9.0.1, 12.8.0.3, and 12.7.0.2. A remote authenticated attacker can execute arbitrary commands as root. The CVSS (3.1) vectors indicate network access, high impact on confidentiality, int...

CVSS 7.2, AI score 6, EPSS 0.01634
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:39 p.m., 9 views

CVE-2026-7416

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

CVSS 7.5, AI score 6.8, EPSS 0.01629
Exploits: 0, References: 1

CVE
added 2026/06/05 7:27 p.m., 32 views

CVE-2026-45777

Open XDMoD (OpenXDMoD): A remote command-injection vulnerability allows an attacker to execute arbitrary system commands on the web server process, affecting versions 9.5.0–11.0.2. Root cause: OS command injection that can compromise confidentiality, integrity, and availability. Impact includes r...

CVSS 9.8, AI score 5.8, EPSS 0.00388
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2026/06/05 7:09 p.m., 9 views

CVE-2026-35071

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...

CVSS 8.2, AI score 5.4, EPSS 0.0046
Exploits: 0, References: 1

CNNVD
added 2026/06/05 12:00 a.m., 10 views

Termix operating system command injection vulnerability

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /ssh/tunnel/connect endpoint, which directly inserted the...

CVSS 9.8, AI score 5.7, EPSS 0.01729
Exploits: 1, References: 3

NVD
added 2026/05/29 12:16 p.m., 14 views

CVE-2025-41277

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

CVSS 9.8, EPSS 0.0138
Exploits: 0, References: 1

EUVD
added 2026/05/29 10:59 a.m., 12 views

EUVD-2025-209999

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

CVSS 8.6, AI score 6.1, EPSS 0.00882
Exploits: 0, References: 1