Command Injection
Command injection in Zed code editor versions prior to 0.229.0 allows bypass of the terminal tool's permission allowlist through bash arithmetic expansion syntax $((...)) nested inside permitted commands like echo. Because Zed is increasingly used with AI agent workflows that execute shell commands on behalf of the user, the bypass effectively neutralizes the safety boundary intended to gate dangerous operations. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-c99f-97vf-4h5h provides sufficient detail for a working PoC to be reconstructed.
Remote code execution in Zed code editor versions prior to 0.227.1 occurs when a user opens a folder containing a malicious .git/config file that abuses the core.fsmonitor Git configuration option. The flaw triggers even in untrusted mode, defeating the safety boundary users expect when opening unknown repositories, and no public exploit has been identified at time of analysis though the advisory is published by the vendor.
Remote command execution in Zed code editor versions prior to 0.227.1 occurs when opening SSH or WSL remote terminals because environment variable keys are passed into a shell command string without quoting or validation. An attacker who can influence project terminal settings (for example, through a shared or malicious project) can embed shell expansions such as $(...) into env var keys, achieving arbitrary command execution on the remote host as the victim user when they open a terminal. No public exploit identified at time of analysis, but the issue is fixed in Zed 0.227.1.
Command injection in the rpmuncompress utility of RPM allows local attackers to execute arbitrary commands when a victim extracts a maliciously crafted ZIP, 7z, or GEM archive whose top-level folder name contains shell metacharacters. The flaw affects Red Hat Enterprise Linux 6 through 10 and downstream products including OpenShift Container Platform 4, Satellite 6, Red Hat Hardened Images, and Quarkus Native Builder. No public exploit identified at time of analysis, and the issue requires user interaction with an attacker-supplied archive, but successful exploitation yields full code execution under the extracting user's identity.
Remote unauthenticated command injection in the ZeroTier VPN feature of InHand Networks IR302, IR305, IR315, and IR615 industrial routers grants ROOT-level code execution on affected devices. The flaw carries a CVSS 9.8 critical rating with no authentication required, exposing industrial network gateways to full compromise; no public exploit identified at time of analysis, but the vendor (InHand Networks PSA-2026-05) has acknowledged the issue.
Remote root command injection in InHand Networks industrial routers (IR302, IR305, IR315, IR615) allows unauthenticated network attackers to fully compromise affected devices via the WireGuard VPN feature. With CVSS 9.8 and no required privileges or user interaction, this flaw grants attackers ROOT-level control over edge industrial networking equipment. No public exploit identified at time of analysis, but a vendor advisory (InHand-PSA-2026-05) has been published.
Remote code execution as root in InHand Networks industrial cellular routers (IR302, IR305, IR315, IR615) allows unauthenticated network attackers to inject operating system commands through the IPSec VPN feature. The CVSS 9.8 score reflects network-reachable, low-complexity, unauthenticated exploitation with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote root command injection in InHand Networks IR302, IR305, IR315, and IR615 industrial cellular routers allows unauthenticated attackers to execute arbitrary OS commands as root via the Admin Access feature. The flaw affects IR302 V3.5.108, IR305/IR315/IR615 V1.0.118, and earlier firmware, with CVSS 9.8 reflecting network-reachable, no-auth exploitation; no public exploit identified at time of analysis but vendor PSA-2026-05 confirms the issue.
Remote code execution in Yamcs (the open-source mission control framework, yamcs-core) before 5.12.7 lets an authenticated operator holding the ChangeMissionDatabase privilege overwrite a Python (Jython) algorithm via the Mission Database REST API and run arbitrary OS commands on the host. The Jython script engine is invoked without a sandbox, so injected algorithm text can import java.lang.Runtime and shell out. Publicly available exploit code exists (a full PoC is published in the GitHub Security Advisory), but the issue is not listed in CISA KEV and no public in-the-wild exploitation is identified.
Arbitrary OS command execution in Microsoft's UFO intelligent-automation framework (tagged releases up to and including v3.0.0) lets a local, low-privileged attacker who can write or modify a per-session action JSON record plant a malicious shell action that is executed via PowerShell when the session is resumed or replayed. The injected command runs with the privileges of the UFO process user, yielding full confidentiality, integrity, and availability impact (CVSS 7.8, CWE-78). There is no public exploit identified at time of analysis, and no EPSS or CISA KEV data was supplied to gauge exploitation likelihood.
Local privilege escalation via OS command injection in pam_usb before 0.8.7 lets a low-privileged local user execute arbitrary commands as root. The flaw lives in src/tmux.c, which reads the attacker-controllable $TMUX environment variable and interpolates its socket-path component, unsanitised, inside a double-quoted string passed to popen(); a value containing a double-quote breaks out of the quoting and injects shell syntax that runs in the root-context PAM stack. No public exploit identified at time of analysis, and no EPSS or CISA KEV data was supplied, but the CVSS 8.8 (scope-changed) rating reflects straightforward, low-complexity root compromise.
Root command injection in pam_usb prior to 0.8.7 lets a local high-privileged user - or an attacker who can present a removable device with an attacker-chosen filesystem UUID - embed shell metacharacters (e.g. $(id>/tmp/rce)) that execute as root when an administrator runs pamusb-conf --reset-pads. A second injection path passes the userName value from the XML configuration directly to os.system() in pamusb-agent. No public exploit identified at time of analysis; the issue is fixed in 0.8.7.
Local privilege escalation in pam_usb prior to 0.8.7 lets a low-privileged user gain the elevated privileges of the pam_usb tool chain by abusing the pamusb-pinentry helper. The helper trusts the PINENTRY_FALLBACK_APP environment variable and executes its value directly, so any process able to set that variable before pamusb-pinentry runs can have an arbitrary binary executed. There is no public exploit identified at time of analysis, and the issue is fixed in version 0.8.7; the GitHub Security Advisory (GHSA-jxrj-q67x-wr4c) is the sole reference.
Unauthorized OS command execution in Tanium Connect allows an attacker holding low-privilege authenticated access to run arbitrary commands on the host, achieving full compromise of confidentiality, integrity, and availability. The CVSS 8.8 (network vector, low complexity, low privileges, no user interaction) reflects an authenticated remote code execution issue rooted in command injection (CWE-78). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; EPSS data was not provided.
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/22. Threads: ty (Colm O hEigeartaigh <coheigea@...che.org>); CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository (Colm O hEigeartaigh <coheigea@...che.org>); Sv: Coordinated Disclosure in the LLM Age (Markus Klyver <markusklyver@...mail.com>); Re: Evince/Atril/Xreader command injection CVE-2026-46529 (Wolfgang <raveit65.sun@...il.com>); illumos: 18118 SCTP frees wrong-size, and need to keep private options (Dan McDonald <danmcd@...ecast.io>); [vim-security] Multiple Memory Safety Issues in Vim Spell File Parser affects Vim < 9.2.0513 (Christian Brabandt <cb@...bit.org>); NGINX ngx_http_rewrite_mod
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/27. Threads: Perl allow OS command injection via send_file() (Stig Palmquist <stig@...g.io>); Samba 4.24.3, 4.23.8 and 4.22.10 Security Releases are available for Download (Douglas Bagnall <douglas.bagnall@...alyst.net.nz>); Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>); ARTEMIS-5996: CVE-2026-40914: Apache Artemis, Apache ActiveMQ Artemis: Address routing-type can be updated by STOMP protoc… (Justin Bertram <jbertram@...che.org>); [OSSA-2026-014] OpenStack Swift: Swift proxy-server denial of service via truncated s3api chunked upload (CVE-2026-4901… (Goutham Pacha Ravi <gouthampravi@...il.…) 9
Command injection in the Sherlock username-hunting tool's CI/CD pipeline (versions prior to 0.16.1) allows any GitHub user to run arbitrary commands on the project's GitHub Actions runner. The flaw lives in the validate_modified_targets.yml workflow, which uses the dangerous pull_request_target trigger; simply opening a pull request executes attacker-controlled code with no approval, review, or merge required. Fixed in 0.16.1; with a CVSS of 9.3 it is a high-severity supply-chain issue, though no public exploit was identified at time of analysis and the technique class is well documented.
Authenticated command injection in TP-Link Archer BE450 v1 and BE7200 v1 routers lets an admin-level user run arbitrary OS commands with elevated privileges via the web management interface. The flaw stems from improper input validation (CWE-20): crafted input supplied through the management UI is passed to backend system commands without adequate sanitization, enabling full device compromise. There is no public exploit identified at time of analysis, and the CVSS 4.0 vector scopes exploitation to the adjacent network by an already-authenticated administrator.
Local privilege escalation via command injection in Raynet rvia (RayVentory) 12.6.4392.49-amd64.deb allows authenticated local users to achieve arbitrary code execution by exploiting an improperly terminated find query the application uses to locate the Java runtime. The flaw is reachable through the getconfig command, the upload URL argument, and the oracle -o flag, and publicly available exploit code exists on GitHub although no active exploitation has been observed.
Local arbitrary code execution in Raynet rvia 12.6 Update 8 and earlier lets a low-privileged local user inject operating-system commands through the application's Java search feature, which assembles a `find` command from an attacker-controlled path without properly terminating the search criteria (CWE-77 OS command injection). A working proof-of-concept exploit script is publicly available on GitHub (Wise-Security/CVE-2026-38945), and CISA's SSVC framework rates the technical impact as total, though it marks the issue as not automatable and requiring local access. No EPSS score and no CISA KEV listing were supplied, so there is no indication of active in-the-wild exploitation at time of analysis.
Unauthenticated remote command injection in the Netis AC1200 Router (model NC21, firmware V4.0.1.4296) allows any LAN-resident attacker to execute arbitrary OS commands as the router's runtime user via a single HTTP POST to /cgi-bin/skk_set.cgi. The password and new_pwd_confirm parameters are concatenated into a shell invocation without sanitization, and exploitation requires no credentials. No public exploit is identified at time of analysis, though the disclosure repository documents the technique (base64-encoded backtick payloads), and EPSS scoring (0.21%) suggests limited broad exploitation pressure despite the trivial attack complexity.
OS command injection in sipeed picoclaw v0.1.2 and earlier allows remote attackers to bypass an incomplete denylist-based sanitizer in the ExecTool component and execute arbitrary shell commands on the host. The guardCommand() function in pkg/tools/shell.go relies on only eight regex denylist patterns, which is insufficient to block the wide range of shell metacharacters and command-chaining techniques available to an attacker. No public exploit identified at time of analysis, though a third-party gist documenting the issue is referenced from NVD.
OS command injection in the @pensar/apex Node.js agent package (versions 0.0.58 and earlier) lets a remote, unauthenticated attacker run arbitrary operating-system commands by smuggling shell metacharacters into the smart_enumerate tool's url or extensions inputs. The vulnerable createSmartEnumerateTool() routine in src/core/agent/tools.ts builds a shell command string by concatenating those untrusted values and passes it to Node.js child_process.exec(), which spawns a shell that interprets the injected characters, executing them with the privileges of the agent process. CVSS is 8.8 (network vector, low complexity, no privileges, but user/agent interaction required); the source data shows no CISA KEV listing and no EPSS score, and a referenced researcher gist may contain proof-of-concept detail though exploit code is not confirmed in the structured input.
OS command injection in MB connect line / Helmholz mbNET and REX industrial remote-maintenance routers (mbNET.mini up to 3.0.2, REX200/250 and mbNET/mbNET.rokey up to 8.4.4, REX100 up to 3.0.2) lets a high-privilege authenticated user poison the device's configuration generator so that a tainted value is later passed unsanitized to a system execute call, producing arbitrary command execution with total loss of confidentiality, integrity and availability. The flaw was reported through CERT@VDE (advisory VDE-2026-054) and tracked as EUVD-2026-32151. There is no public exploit identified at time of analysis, EPSS is low (0.07%, 22nd percentile), and CISA's SSVC framework rates current exploitation as none.
OS command injection in Perl's HTTP::Daemon before 6.17 (libwww-perl) lets remote unauthenticated attackers execute commands as the daemon process UID when request-derived input reaches the send_file() method. The method opened its string argument with Perl's 2-argument open(), whose magic prefixes ('| cmd', 'cmd |', '> path', '>> path') spawn subprocesses or write/truncate files; the read-pipe form additionally leaks subprocess stdout into the HTTP response body. There is no public exploit identified at time of analysis and no CISA KEV listing, but the upstream fix is released (6.17) and the patch diff is public, so the root cause is fully disclosed.
OS command injection in Tanium Connect lets an authenticated, low-privileged user execute arbitrary commands on the underlying host, yielding full confidentiality, integrity, and availability compromise (CVSS 8.8). The flaw affects Connect branches 5.26, 5.29, and 5.37 below their respective fixed builds and is tagged as RCE/Command Injection. There is no public exploit identified at time of analysis, and EPSS estimates exploitation probability at a low 0.07% (22nd percentile).
OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped exec() call inside the Juniper router integration plugin, enabling arbitrary shell command execution on the host. The flaw lives in the _log() function of src/juniper_plugin/fastnetmon_juniper.php, where the $msg argument (built from argv[1]-argv[3]: attack IP, direction, power) is concatenated directly into a shell command. Although rated CVSS 9.8, practical exploitation is gated: FastNetMon's C++ core currently feeds IPs through inet_ntoa(), which only yields safe dotted-decimal strings, so injection requires the script to be driven directly or by a third-party orchestrator. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
An OS command injection vulnerability exists in Aterm. If a malicious third party gains administrator access to the product's web console, they may be able to execute arbitrary OS commands from the adjacent network.
Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands through the terminal_tool component's approval mechanism. The vulnerability affects all versions up to commit 5157f5427f19488b31c6fdebbacd15d798ce7f63 and has publicly available exploit code demonstrating the attack. The vendor has not responded to disclosure attempts, leaving users without an official patch.
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary OS commands via the 'method' parameter in the formEZCHNwlanSetup POST handler at /goform/formEZCHNwlanSetu. Public exploit code exists (CVSS E:P), enabling low-complexity attacks that compromise confidentiality, integrity, and availability at low impact levels. EPSS data not available. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation. Vendor was notified but has not issued a patch or advisory.
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary operating system commands via the max_Conn and timeOut parameters in the formConnectionSetting endpoint. The vulnerability requires low-privilege authentication but no user interaction, with public exploit code available. EPSS data not available; vendor unresponsive to disclosure.
Remote command injection in Edimax EW-7438RPn 1.12 allows authenticated attackers to execute arbitrary OS commands by manipulating the submit-url parameter in the formAccept function via /goform/formAccep endpoint. Public exploit code is available (EPSS not provided in input data). Vendor was notified but has not responded or issued a patch, leaving devices vulnerable to takeover by users with low-level credentials.
Command injection in Edimax EW-7438RPn 1.28a allows authenticated remote attackers to execute arbitrary system commands via crafted POST parameters to the /goform/formHwSet endpoint. The vulnerability affects the formHwSet function's handling of multiple configuration parameters including Antenna, Mcs, regDomain, MAC addresses, SSID, and channel settings. Public exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation, though CISA KEV does not list active widespread exploitation at time of analysis.
OS command injection in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 allows authenticated remote attackers to execute arbitrary system commands via the formWizSurvey web interface. The vulnerability exists in the /goform/formWizSurvey endpoint where input validation fails on the ip, mask, and gateway parameters. Publicly available exploit code exists (GitHub POC published), though no active exploitation has been confirmed by CISA KEV. EPSS data not available for this recent CVE. Vendor notified but non-responsive, indicating no official patch is forthcoming.
OS command injection in Edimax EW-7438RPn firmware (versions up to 1.31) allows authenticated remote attackers to execute arbitrary system commands via the pinCode parameter in the formWpsStart function. Public exploit code is available on GitHub, enabling low-complexity attacks against the WPS configuration interface. The vendor has not responded to vulnerability disclosure, leaving no official patch available. EPSS data not provided, but public POC availability significantly increases exploitation risk for internet-exposed devices with weak admin credentials.
Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the repeaterSSID parameter in a POST request to /goform/formWlbasic. A publicly available proof-of-concept exploit exists, raising the practical risk above what the moderate CVSS score of 6.3 alone suggests. The vendor was notified prior to disclosure but did not respond, meaning no vendor-supplied patch exists at time of analysis.
Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command execution via the /goform/formWlanM POST request handler. An authenticated remote attacker (PR:L per CVSS) can manipulate any of 29+ wireless calibration and ATE parameters - including ateFunc, ateGain, e2pTxPower series, and readE2P - to inject arbitrary shell commands into the device OS. No vendor patch exists as Edimax did not respond to responsible disclosure; a publicly available exploit exists, and the breadth of vulnerable parameters indicates a systemic absence of input sanitization across the wlanM form handler.
Cross-tenant remote code execution in Nezha Monitoring dashboard (versions >= 1.4.0, < 1.14.15-0.20260517022419-d7526351cf97) allows any authenticated RoleMember user to execute arbitrary shell commands as root on every monitored agent host in the deployment. The flaw stems from cron API endpoints being gated by commonHandler instead of adminHandler, combined with a vacuous-true permission check when the Servers list is empty, enabling fanout to all tenants' servers. No public exploit identified at time of analysis, but a complete proof-of-concept is included in the GitHub Security Advisory.
Command injection in Microsoft 365 Copilot for iOS allows remote unauthenticated attackers to tamper with system integrity over the network when a user is convinced to interact with malicious content. The flaw carries a critical CVSS score of 9.3 with a scope change indicating impact beyond the vulnerable component, though no public exploit identified at time of analysis. An official vendor patch is available via MSRC.
Command injection in Microsoft 365 Copilot exposes sensitive information to unauthenticated remote attackers when a victim user interacts with attacker-controlled content, resulting in High confidentiality impact with no integrity or availability effect. The vulnerability carries a CVSS 6.5 (Medium) score, reflecting network accessibility and low attack complexity offset by a mandatory user interaction requirement. No public exploit code exists at time of analysis, and Microsoft has released an official patch documented via the Microsoft Security Response Center.
Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-system commands against the platform, with a maximum CVSS score of 10.0 reflecting changed scope and full confidentiality, integrity, and availability impact. The flaw stems from improper neutralization of special elements in command construction (CWE-77), and while no public exploit has been identified at time of analysis, Microsoft has released a patch via MSRC. Given Power Pages is a multi-tenant SaaS offering, a successful exploit could pivot beyond the initial site boundary.
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitrary shell commands via unescaped line terminators in the .op field. Affects the quote() API and parse() flows that accept object tokens, with no public exploit identified at time of analysis but a vendor-released upstream fix in commit 1518179. EPSS data was not provided, but the package's massive ecosystem footprint (millions of weekly npm downloads) makes downstream supply-chain exposure substantial.
Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary operating system commands by abusing improperly validated input. The flaw carries a critical CVSS 9.1 score with scope change, indicating successful exploitation can break out of the originating security context, though no public exploit identified at time of analysis.
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute arbitrary operating system commands by sending crafted input that bypasses validation. The flaw carries a maximum CVSS 10.0 score with scope change (S:C) impacting confidentiality, integrity, and availability, and affects a broad fleet of UniFi gateways, NVRs, NAS units, and Cloud Keys. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Command injection in KnpLabs Snappy PHP library (versions <= 1.7.0) allows attackers to execute arbitrary OS commands as the PHP process when the wkhtmltopdf/wkhtmltoimage binary path passed to the constructor is influenced by attacker-controlled input. An inverted is_executable() check renders the intended escapeshellarg() protection dead code, so the binary path string is concatenated raw into the shell command. A proof-of-concept is published in the GHSA advisory; no public exploit identified in the wild and the vulnerability is not in CISA KEV at time of analysis.
Arbitrary command execution in Fission's builder component (pkg:go/github.com/fission/fission <= 1.22.0) allows any principal with create or update privileges on Environment CRDs to redirect the builder pod to execute any binary reachable via $PATH inside the builder image. The vulnerable call site at pkg/builder/builder.go:254 passes the unsanitized Environment.spec.builder.command value directly to exec.Command after a strings.Fields split, enabling attackers to specify paths such as /bin/sh -c '...' as the build command. No public exploit has been identified at time of analysis, but the patch is confirmed released in v1.23.0 and the exploit primitive requires only a single Kubernetes API write to trigger.
Authenticated remote code execution affects Zoho ManageEngine ADSelfService Plus (before build 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313) on agent machines, stemming from a flaw in a bundled third-party dependency. An authenticated attacker with low privileges can inject commands (CWE-77) to execute arbitrary code on managed agent endpoints, with no public exploit identified at time of analysis.
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell. The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.
Integrity compromise in PowerDNS Authoritative Server allows network-positioned attackers to inject unauthorized DNS records by exploiting insufficient validation of DNS names received during AXFR (zone transfer) processing. The CVSS changed-scope indicator (S:C) reflects that the high-integrity impact extends beyond the vulnerable server itself to all downstream systems consuming the corrupted zone data, enabling a form of DNS record poisoning. No public exploit has been identified at time of analysis, and the high attack complexity (AC:H) constrains exploitation to adversaries with specific network positioning or control over a zone transfer source.
Remote code execution in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows authenticated high-privilege attackers to inject arbitrary OS commands through the device's web interface using command delimiters. The flaw carries a CVSS 9.1 rating due to scope change and full CIA impact, and no public exploit identified at time of analysis, though the industrial-control context makes any RCE highly consequential. Honeywell has released a patch via its process.honeywell.com portal.
Shell injection in Netatalk 3.1.0 through 4.4.2 allows a high-privileged local attacker to execute arbitrary OS commands by embedding shell metacharacters in a configured volume path value. The flaw (CWE-78) arises because volume path strings are passed to a shell interpreter without sanitization, meaning any actor with write access to Netatalk's volume configuration can achieve full command execution under the Netatalk process context. No public exploit code has been identified at time of analysis, and the vendor has released a fix in version 4.4.3.
OS command injection in Netatalk 2.2.1 through 4.4.2 arises from a code path that invokes system() after a failed chdir() call, classified under CWE-78. Exploitation requires local access with high privileges and high attack complexity, and yields only low-integrity and low-availability impact with no confidentiality exposure, reflected in the CVSS score of 2.5. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor-released fix is available in version 4.5.0.
Shell injection in Netatalk 3.1.4 through 4.4.2 allows authenticated remote attackers to execute arbitrary OS commands through a bitwise-OR logic flaw, achieving full confidentiality, integrity, and availability impact (CVSS 7.5). Netatalk is the open-source AFP (Apple Filing Protocol) server commonly deployed on Linux/BSD NAS appliances to share files with macOS clients. The flaw was fixed in version 4.4.3; no public exploit identified at time of analysis and the issue is not currently in CISA KEV.
Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118.
Command injection in the BrowserBot component of Cisco ThousandEyes Enterprise Agent (CWE-78) allows authenticated SaaS users with transaction test management privileges to execute arbitrary OS commands inside the BrowserBot container as the unprivileged 'node' user. Exploitation requires valid ThousandEyes SaaS credentials and the ability to manage transaction tests, scoping the realistic threat primarily to insiders and compromised privileged accounts. Cisco has already deployed a remediation server-side; no customer action is required. No public exploit code or CISA KEV listing exists at time of analysis.
Command injection in shivammathur/setup-php (versions 2.25.0 through 2.37.0) allows an attacker who can influence repository files to execute arbitrary commands on a GitHub Actions runner when the action resolves the PHP version from attacker-controlled content. The risk is highest in privileged workflows using pull_request_target that check out untrusted PR code before invoking setup-php, potentially exposing repository secrets and CI/CD infrastructure. No public exploit code or KEV listing exists at time of analysis, but the attack is realistic in any project using this common CI action pattern with auto-merging or cross-repo workflows.
Command injection in Dell SmartFabric Storage Software versions prior to 1.4.5 enables a high-privileged local attacker to gain unauthorized read and write access to the underlying filesystem. Exploitation requires local system presence and high-level privileges, with the CVSS vector (AV:L/AC:H/PR:H) indicating a constrained threat surface despite the high confidentiality, integrity, and availability impact scores. No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Windows security feature bypass, publicly dubbed 'YellowKey', exposes systems to full confidentiality, integrity, and availability compromise via command injection (CWE-77) requiring only physical access - no credentials or user interaction needed. A proof-of-concept was released publicly prior to patch availability, violating coordinated disclosure norms, which lowers the attacker skill bar significantly. No vendor-released patch exists at time of analysis; Microsoft has confirmed the issue and is preparing a security update.
Unauthenticated remote code execution in CtrlPanel billing software (versions 1.1.1 and prior) allows attackers to execute arbitrary OS commands via the web-based installer endpoint, even on already-installed instances. The flaw combines a control-flow bug (install.lock gate runs after handler execution) with command injection through unsanitized user input passed into shell commands. The advisory reports active exploitation in the wild, though no CISA KEV listing is present in the supplied data.
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent attackers to execute arbitrary OS commands by chaining two unprotected API endpoints. The Next.js authentication middleware in src/proxy.js uses a narrow route allowlist that excludes /api/cli-tools/* and /api/mcp/*, letting an attacker register an arbitrary command via POST /api/cli-tools/cowork-settings and then trigger spawn() via GET /api/mcp/[plugin]/sse. Publicly available exploit code exists (PoC published with the GHSA advisory), with CVSS 10.0 reflecting maximum severity across confidentiality, integrity, and availability.
Remote code execution in Kopia backup server (≤ 0.22.3) allows unauthenticated attackers to run arbitrary OS commands as the Kopia process user via a single HTTP request to /api/v1/repo/exists when the server is launched with --without-password. Exploit detail is public through the GHSA advisory and the fix PR diff; no in-the-wild weaponization has been identified at time of analysis, but the trivially exploitable vector (CVSS 9.8) and the detailed write-up make weaponization straightforward. The bug stems from naive space-splitting of the attacker-controlled sshArguments value, which is then fed to exec.CommandContext("ssh"): no shell is involved, but ssh itself honours an -oProxyCommand= token and runs its value via $SHELL -c before any SSH transport is established.
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.
Command injection in Panabit PAP-XM320 firmware up to and including V7.7 enables authenticated remote attackers with management interface access to execute arbitrary shell commands on the underlying OS. The web management interface passes user-controlled input to the backend helper /usr/sbin/pappiw, which processes arguments via eval - a classic CWE-78 pattern that causes attacker-supplied shell metacharacters to be interpreted as commands. No public exploit has been confirmed at time of analysis and this CVE is not listed in the CISA KEV catalog, though a researcher disclosure page is referenced.
OS command injection in Dokploy self-hosted PaaS (versions <= 0.26.6) allows an authenticated low-privileged user to achieve server-level remote code execution by injecting shell metacharacters into the appName parameter when creating an application or database. The cleanAppName sanitizer only lowercases and strips spaces, leaving characters like ;, $(), backticks, |, and & to be passed directly into execAsync()/execAsyncRemote() shell interpolation when service lifecycle operations run. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV, but the GitHub commit diff publicly demonstrates the vulnerable code path.
Local privilege code execution in jarrodwatts/claude-hud through version 0.0.12 on Windows allows authenticated local users to run arbitrary executables by setting the COMSPEC environment variable before the tool's version check, where execFile() launches whatever binary COMSPEC points to with cmd.exe-style arguments. The flaw is tracked as CWE-427 (Uncontrolled Search Path Element) and was reported by VulnCheck; no public exploit identified at time of analysis, but the upstream commit 234d9aa makes the fix mechanics straightforward to reverse-engineer.
{id}/volumes/{volumeName}/browse`. The path sanitizer at `volume_service.go:1448-1467` blocks only `../` traversal and passes shell substitution sequences through unchanged; `strconv.Quote` wraps the path in Go-style double quotes, which POSIX `sh` still interprets as a command-substitutable string, causing the injected command to execute and its output to be reflected in the HTTP 500 error body. No vendor-released patch exists at time of analysis; publicly available exploit code is embedded in the GHSA advisory (GHSA-9mvm-4gwg-v8mp) and no confirmed active exploitation (CISA KEV) has been reported.
Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system commands via the stadrv_ssid parameter in POST requests to /goform/formStaDrvSetup. Public exploit code is available (documented in VulDB and researcher's Notion page), enabling low-complexity attacks against networks where attackers have obtained low-privilege credentials. The vendor received early disclosure but provided no response, leaving no official patch timeline.
Command injection in Edimax BR-6228NC version 1.22 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the 'command' parameter in POST requests to the /goform/mp endpoint. Public exploit code exists, increasing exploitation risk despite requiring low-privilege authentication. EPSS data is not available, but the presence of a working exploit demonstrates weaponization. The vendor has not responded to disclosure and no patch has been announced.
ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to command injection.
OS command injection in Vercel AI SDK versions up to 3.0.97 allows authenticated remote attackers with pull request creation privileges to execute arbitrary commands on CI/CD runners through malicious branch names. The vulnerability resides in the prettier-on-automerge GitHub Actions workflow, which insecurely interpolates PR branch names into shell commands. A public proof-of-concept exploit exists (disclosed via GitHub Gist), demonstrating feasibility despite CVSS 4.0 rating the complexity as high (AC:H) and exploitability as difficult. The vendor (Vercel) was notified but has not responded, and no patch availability is confirmed from vendor sources at time of analysis.
Remote command injection in Kodbox fileThumb plugin (versions up to 1.64) allows authenticated attackers to execute arbitrary system commands by manipulating the ffmpegBin parameter in video processing functions. Publicly available exploit code increases immediate risk. EPSS data is not available, but the CVSS temporal metrics record a proof-of-concept exploit (E:P), which is a statement about exploit maturity rather than confirmed in-the-wild exploitation. The vendor has not responded to disclosure, leaving patch status uncertain.
Remote code execution in AVideo streaming platform allows authenticated users with streaming privileges to execute arbitrary OS commands through shell metacharacter injection in the Live plugin. The vulnerability exists in the on_publish.php webhook endpoint which builds shell commands using unsafe string concatenation instead of proper escaping, allowing attackers to inject commands via specially crafted stream keys containing single quotes. While the CVSS indicates low privileges required (authenticated users with canStream permission), the impact is severe as it grants full web server user access.
Budibase servers before version 3.38.1 allow any authenticated application user to modify datasource connection parameters through the REST API endpoint PUT /api/datasources/:datasourceId, which requires only basic TABLE/READ permissions instead of builder-level access. This authorization bypass enables attackers with minimal BASIC role privileges to redirect PostgreSQL, MySQL, MongoDB, or REST datasources to arbitrary hosts and ports, creating server-side request forgery (SSRF) conditions that bypass existing HTTP-layer protections for SQL driver connections. The vulnerability has been assigned CVSS 8.8 (High) and is fixed in Budibase 3.38.1.
Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when users view attacker-controlled files containing ZMODEM protocol headers. The vulnerability exploits automatic ZMODEM detection that injects commands into the user's shell when displaying malicious content with common commands like 'cat'. Real-world risk is moderate (EPSS data not provided) as it requires local access and user interaction, but enables code execution without explicit user consent beyond viewing a file.
Remote code execution in Tabby terminal emulator versions prior to 1.0.233 allows unauthenticated attackers to execute arbitrary OS commands via malicious tabby:// URL scheme links. When users click a crafted link containing tabby://run?command=..., Tabby spawns the specified command with full user privileges without any confirmation or sanitization. The vulnerability carries a CVSS 9.4 score due to network vector and high impact across all security dimensions.
Command injection in the Turborepo LSP VS Code extension before version 2.9.14000 allows arbitrary code execution when opening malicious workspaces. The vulnerability stems from unsafe string interpolation in shell commands, enabling attackers to inject commands through workspace settings or task names that execute with the user's VS Code process privileges. The CVSS 4.0 score of 8.4 indicates high severity with local access and user interaction required.
Command injection in Vim 9.x text editor allows local attackers to execute arbitrary shell commands when a user opens a specially crafted .tgz archive filename. The vulnerability stems from insufficient sanitization in the tar#Vimuntar() function's shellescape() call, which leaves cmdline-special characters open to expansion. Exploitation requires user interaction (opening the malicious archive) and high attack complexity (filename manipulation), limiting real-world risk despite the command injection class. Fixed in version 9.2.0479 via GitHub commit 3fb5e58f. No evidence of active exploitation or public PoC beyond the vendor's test case.
Command injection in Oinone Pamirs 7.0.0 allows remote unauthenticated attackers to execute arbitrary OS commands through the CommandHelper.executeCommands method. The vulnerability stems from unsanitized command strings being passed directly to a shell process's standard input. With an EPSS score indicating moderate exploitation likelihood and SSVC assessment showing automatable attacks with total technical impact, this represents a significant risk despite no current KEV listing or confirmed active exploitation.
Remote code execution in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows unauthenticated attackers to inject malicious JavaScript into the unsanitized 'data' parameter, achieving arbitrary code execution on Node.js backend servers. Critical vulnerability (CVSS 4.0: 10.0) with complete system compromise potential affecting server confidentiality, integrity, and availability. Vendor-released patch available in version 0.7.6. No confirmed active exploitation (not in CISA KEV), but injection via web-accessible APIs typically sees rapid weaponization once disclosed.
Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.
Command injection in python-utcp allows remote attackers to execute arbitrary shell commands on Unix and Windows systems when user-controlled tool arguments are processed by the CLI communication protocol module. The _substitute_utcp_args method in cli_communication_protocol.py directly embeds unsanitized user input into bash or PowerShell commands without escaping, enabling full remote code execution. Vendor-released patch available in version 1.1.2 with shell-quoting mitigation (shlex.quote on Unix, single-quoted literals on Windows). CVSS 8.3 indicates high complexity and required user interaction, but scope change enables container/sandbox escape scenarios. No public exploit code or CISA KEV listing identified at time of analysis, though detailed proof-of-concept exists in the GitHub security advisory demonstrating data exfiltration via curl.
Remote code execution in HRConvert2 self-hosted file conversion server allows unauthenticated attackers to execute arbitrary commands via shell metacharacters in filenames. The sanitizeString() function in convertCore.php fails to filter backticks and tab characters before passing user input to shell_exec(), enabling command injection that executes in the web server context (www-data). According to the vendor, exploitation can achieve complete server takeover through two methods: backtick-based command injection or tab-based file dropping. Fixed in version 3.3.8 released May 2026. EPSS data unavailable; no confirmed active exploitation (not in CISA KEV), but the vendor confirms the vulnerability is exploitable and rates severity as critical.
Remote code execution in mdserver-web Linux panel versions 0.18.0 through 0.18.4 allows unauthenticated remote attackers to execute arbitrary system commands by exploiting unprotected scheduled task management endpoints. Attackers can modify built-in cron jobs via the /modify_crond interface and trigger execution through /start_task without any authentication, achieving complete system compromise. No public exploit code or active exploitation confirmed at time of analysis, though the attack complexity is rated low with network-based access vector.
Command injection in @apostrophecms/cli apos create command allows arbitrary command execution when a user supplies specially crafted input during the interactive password prompt. The vulnerability exists in lib/commands/create.js line 186, where user-supplied password input is passed directly into a shell exec() call without sanitization or escaping, enabling attackers to inject shell metacharacters (;, &&, $()) to execute arbitrary commands with the privileges of the user running the CLI. Exploitation requires user interaction (UI:R) and high privilege context (PR:H), but publicly available proof-of-concept demonstrates successful arbitrary code execution on Ubuntu systems with Node.js.
OS command injection in Fleet's software installer pipeline allows arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when a specially crafted software package is uninstalled. The vulnerability exists because package metadata fields are not sanitized before being incorporated into auto-generated uninstall scripts. An attacker with the ability to upload packages to Fleet can exploit this by embedding malicious commands in package metadata fields, resulting in code execution with elevated privileges when endpoints execute the uninstall operation. Patch version 4.81.1 available.
Command injection in CFEngine Enterprise and Community editions before versions 3.21.8, 3.24.3, and 3.27.0 enables remote unauthenticated attackers to execute arbitrary commands on the system. The vulnerability has an EPSS score of 0.15% indicating relatively low exploitation probability, and no public exploit identified at time of analysis. SSVC framework rates this as automatable with total technical impact, suggesting high potential severity if exploited.
Remote code execution in Web::Passwd 0.03 and earlier allows unauthenticated network attackers to execute arbitrary system commands with web server privileges via command injection in the user parameter. The CVSS vector indicates network-accessible, low-complexity exploitation requiring no authentication or user interaction. EPSS score is low (0.04%, 12th percentile), suggesting limited real-world exploitation observed to date. No active exploitation confirmed by CISA KEV at time of analysis, though publicly available exploit code exists per oss-security disclosure.
Command injection in U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 allows authenticated administrators to execute arbitrary system commands with elevated privileges through the Network Time Protocol (NTP) configuration interface. The vulnerability stems from insufficient input sanitization in NTP settings fields, enabling full system compromise. CVSS score of 7.2 reflects high impact across confidentiality, integrity, and availability. Public proof-of-concept code exists via GitHub repository (N0tMilk/vulnerability-research), though no active exploitation has been confirmed via CISA KEV at time of analysis. EPSS data not available for risk probability assessment.
Local code execution in the claude-code-cache-fix npm package (v3.5.0 and v3.5.1) lets attacker-controlled filesystem path names run arbitrary Python inside a victim's Claude Code process. The bundled tools/quota-statusline.sh interpolates Claude Code's statusline hook stdin — which reflects user-controlled paths such as cwd, workspace.current_dir, workspace.project_dir, and transcript_path — directly into a Python triple-quoted literal, so a directory name containing the byte sequence ''' closes the literal early and executes following bytes as Python at the user's privilege on every statusline redraw. A working injection payload is publicly available exploit code (published in the GHSA advisory and the T6/T7 regression tests); the issue is not listed in CISA KEV and no EPSS score was provided.
Remote unauthenticated command injection in the ZeroTier VPN feature of InHand Networks IR302, IR305, IR315, and IR615 industrial routers grants ROOT-level code execution on affected devices. The flaw carries a CVSS 9.8 critical rating with no authentication required, exposing industrial network gateways to full compromise; no public exploit identified at time of analysis, but the vendor (InHand Networks PSA-2026-05) has acknowledged the issue.
Remote root command injection in InHand Networks industrial routers (IR302, IR305, IR315, IR615) allows unauthenticated network attackers to fully compromise affected devices via the WireGuard VPN feature. With CVSS 9.8 and no required privileges or user interaction, this flaw grants attackers ROOT-level control over edge industrial networking equipment. No public exploit identified at time of analysis, but a vendor advisory (InHand-PSA-2026-05) has been published.
Remote code execution as root in InHand Networks industrial cellular routers (IR302, IR305, IR315, IR615) allows unauthenticated network attackers to inject operating system commands through the IPSec VPN feature. The CVSS 9.8 score reflects network-reachable, low-complexity, unauthenticated exploitation with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Remote root command injection in InHand Networks IR302, IR305, IR315, and IR615 industrial cellular routers allows unauthenticated attackers to execute arbitrary OS commands as root via the Admin Access feature. The flaw affects IR302 V3.5.108, IR305/IR315/IR615 V1.0.118, and earlier firmware, with CVSS 9.8 reflecting network-reachable, no-auth exploitation; no public exploit identified at time of analysis but vendor PSA-2026-05 confirms the issue.
Remote code execution in Yamcs (the open-source mission control framework, yamcs-core) before 5.12.7 lets an authenticated operator holding the ChangeMissionDatabase privilege overwrite a Python (Jython) algorithm via the Mission Database REST API and run arbitrary OS commands on the host. The Jython script engine is invoked without a sandbox, so injected algorithm text can import java.lang.Runtime and shell out. Publicly available exploit code exists (a full PoC is published in the GitHub Security Advisory), but the issue is not listed in CISA KEV and no public in-the-wild exploitation is identified.
Arbitrary OS command execution in Microsoft's UFO intelligent-automation framework (tagged releases up to and including v3.0.0) lets a local, low-privileged attacker who can write or modify a per-session action JSON record plant a malicious shell action that is executed via PowerShell when the session is resumed or replayed. The injected command runs with the privileges of the UFO process user, yielding full confidentiality, integrity, and availability impact (CVSS 7.8, CWE-78). There is no public exploit identified at time of analysis, and no EPSS or CISA KEV data was supplied to gauge exploitation likelihood.
Local privilege escalation via OS command injection in pam_usb before 0.8.7 lets a low-privileged local user execute arbitrary commands as root. The flaw lives in src/tmux.c, which reads the attacker-controllable $TMUX environment variable and interpolates its socket-path component, unsanitised, inside a double-quoted string passed to popen(); a value containing a double-quote breaks out of the quoting and injects shell syntax that runs in the root-context PAM stack. No public exploit identified at time of analysis, and no EPSS or CISA KEV data was supplied, but the CVSS 8.8 (scope-changed) rating reflects straightforward, low-complexity root compromise.
Root command injection in pam_usb prior to 0.8.7 lets a local high-privileged user - or an attacker who can present a removable device with an attacker-chosen filesystem UUID - embed shell metacharacters (e.g. $(id>/tmp/rce)) that execute as root when an administrator runs pamusb-conf --reset-pads. A second injection path passes the userName value from the XML configuration directly to os.system() in pamusb-agent. No public exploit identified at time of analysis; the issue is fixed in 0.8.7.
Local privilege escalation in pam_usb prior to 0.8.7 lets a low-privileged user gain the elevated privileges of the pam_usb tool chain by abusing the pamusb-pinentry helper. The helper trusts the PINENTRY_FALLBACK_APP environment variable and executes its value directly, so any process able to set that variable before pamusb-pinentry runs can have an arbitrary binary executed. There is no public exploit identified at time of analysis, and the issue is fixed in version 0.8.7; the GitHub Security Advisory (GHSA-jxrj-q67x-wr4c) is the sole reference.
Unauthorized OS command execution in Tanium Connect allows an attacker holding low-privilege authenticated access to run arbitrary commands on the host, achieving full compromise of confidentiality, integrity, and availability. The CVSS 8.8 (network vector, low complexity, low privileges, no user interaction) reflects an authenticated remote code execution issue rooted in command injection (CWE-78). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; EPSS data was not provided.
Pre-NVD disclosure via oss-security: oss-security mailing list, 2026/05/22. Subjects in that day's index: ty (Colm O hEigeartaigh; subject truncated in the index); CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository (Colm O hEigeartaigh); Sv: Coordinated Disclosure in the LLM Age (Markus Klyver); Re: Evince/Atril/Xreader command injection CVE-2026-46529 (Wolfgang); illumos: 18118 SCTP frees wrong-size, and need to keep private options (Dan McDonald); [vim-security] Multiple Memory Safety Issues in Vim Spell File Parser affects Vim < 9.2.0513 (Christian Brabandt); NGINX ngx_http_rewrite_mod (subject truncated in the index).
Pre-NVD disclosure via oss-security: oss-security mailing list, 2026/05/27. Subjects in that day's index: Perl allow OS command injection via send_file() (Stig Palmquist; subject truncated in the index); Samba 4.24.3, 4.23.8 and 4.22.10 Security Releases are available for Download (Douglas Bagnall); Multiple vulnerabilities in Jenkins plugins (Daniel Beck); ARTEMIS-5996: CVE-2026-40914: Apache Artemis, Apache ActiveMQ Artemis: Address routing-type can be updated by STOMP protoc… (Justin Bertram); [OSSA-2026-014] OpenStack Swift: Swift proxy-server denial of service via truncated s3api chunked upload (CVE-2026-4901… (Goutham Pacha Ravi).
Command injection in the Sherlock username-hunting tool's CI/CD pipeline (versions prior to 0.16.1) allows any GitHub user to run arbitrary commands on the project's GitHub Actions runner. The flaw lives in the validate_modified_targets.yml workflow, which uses the dangerous pull_request_target trigger; simply opening a pull request executes attacker-controlled code with no approval, review, or merge required. Fixed in 0.16.1; with a CVSS of 9.3 it is a high-severity supply-chain issue, though no public exploit was identified at time of analysis and the technique class is well documented.
Authenticated command injection in TP-Link Archer BE450 v1 and BE7200 v1 routers lets an admin-level user run arbitrary OS commands with elevated privileges via the web management interface. The flaw stems from improper input validation (CWE-20): crafted input supplied through the management UI is passed to backend system commands without adequate sanitization, enabling full device compromise. There is no public exploit identified at time of analysis, and the CVSS 4.0 vector scopes exploitation to the adjacent network by an already-authenticated administrator.
Local privilege escalation via command injection in Raynet rvia (RayVentory) 12.6.4392.49-amd64.deb allows authenticated local users to achieve arbitrary code execution by exploiting an improperly terminated find query the application uses to locate the Java runtime. The flaw is reachable through the getconfig command, the upload URL argument, and the oracle -o flag, and publicly available exploit code exists on GitHub although no active exploitation has been observed.
Local arbitrary code execution in Raynet rvia 12.6 Update 8 and earlier lets a low-privileged local user inject operating-system commands through the application's Java search feature, which assembles a `find` command from an attacker-controlled path without properly terminating the search criteria (CWE-77 OS command injection). A working proof-of-concept exploit script is publicly available on GitHub (Wise-Security/CVE-2026-38945), and CISA's SSVC framework rates the technical impact as total, though it marks the issue as not automatable and requiring local access. No EPSS score and no CISA KEV listing were supplied, so there is no public exploit identified as actively exploited at time of analysis.
Unauthenticated remote command injection in the Netis AC1200 Router (model NC21, firmware V4.0.1.4296) allows any LAN-resident attacker to execute arbitrary OS commands as the router's runtime user via a single HTTP POST to /cgi-bin/skk_set.cgi. The password and new_pwd_confirm parameters are concatenated into a shell invocation without sanitization, and exploitation requires no credentials. No public exploit is identified at time of analysis, though the disclosure repository documents the technique (base64-encoded backtick payloads), and EPSS scoring (0.21%) suggests limited broad exploitation pressure despite the trivial attack complexity.
OS command injection in sipeed picoclaw v0.1.2 and earlier allows remote attackers to bypass an incomplete denylist-based sanitizer in the ExecTool component and execute arbitrary shell commands on the host. The guardCommand() function in pkg/tools/shell.go relies on only eight regex denylist patterns, which is insufficient to block the wide range of shell metacharacters and command-chaining techniques available to an attacker. No public exploit identified at time of analysis, though a third-party gist documenting the issue is referenced from NVD.
OS command injection in the @pensar/apex Node.js agent package (versions 0.0.58 and earlier) lets a remote, unauthenticated attacker run arbitrary operating-system commands by smuggling shell metacharacters into the smart_enumerate tool's url or extensions inputs. The vulnerable createSmartEnumerateTool() routine in src/core/agent/tools.ts builds a shell command string by concatenating those untrusted values and passes it to Node.js child_process.exec(), which spawns a shell that interprets the injected characters, executing them with the privileges of the agent process. CVSS is 8.8 (network vector, low complexity, no privileges, but user/agent interaction required); the source data shows no CISA KEV listing and no EPSS score, and a referenced researcher gist may contain proof-of-concept detail though exploit code is not confirmed in the structured input.
OS command injection in MB connect line / Helmholz mbNET and REX industrial remote-maintenance routers (mbNET.mini up to 3.0.2, REX200/250 and mbNET/mbNET.rokey up to 8.4.4, REX100 up to 3.0.2) lets a high-privilege authenticated user poison the device's configuration generator so that a tainted value is later passed unsanitized to a system execute call, producing arbitrary command execution with total loss of confidentiality, integrity and availability. The flaw was reported through CERT@VDE (advisory VDE-2026-054) and tracked as EUVD-2026-32151. There is no public exploit identified at time of analysis, EPSS is low (0.07%, 22nd percentile), and CISA's SSVC framework rates current exploitation as none.
OS command injection in Perl's HTTP::Daemon before 6.17 (libwww-perl) lets remote unauthenticated attackers execute commands as the daemon process UID when request-derived input reaches the send_file() method. The method opened its string argument with Perl's 2-argument open(), whose magic prefixes ('| cmd', 'cmd |', '> path', '>> path') spawn subprocesses or write/truncate files; the read-pipe form additionally leaks subprocess stdout into the HTTP response body. There is no public exploit identified at time of analysis and no CISA KEV listing, but the upstream fix is released (6.17) and the patch diff is public, so the root cause is fully disclosed.
OS command injection in Tanium Connect lets an authenticated, low-privileged user execute arbitrary commands on the underlying host, yielding full confidentiality, integrity, and availability compromise (CVSS 8.8). The flaw affects Connect branches 5.26, 5.29, and 5.37 below their respective fixed builds and is tagged as RCE/Command Injection. There is no public exploit identified at time of analysis, and EPSS estimates exploitation probability at a low 0.07% (22nd percentile).
OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped exec() call inside the Juniper router integration plugin, enabling arbitrary shell command execution on the host. The flaw lives in the _log() function of src/juniper_plugin/fastnetmon_juniper.php, where the $msg argument (built from argv[1]-argv[3]: attack IP, direction, power) is concatenated directly into a shell command. Although rated CVSS 9.8, practical exploitation is gated: FastNetMon's C++ core currently feeds IPs through inet_ntoa(), which only yields safe dotted-decimal strings, so injection requires the script to be driven directly or by a third-party orchestrator. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
OS command injection exists in Aterm. An attacker who gains administrator access to the product's web console may be able to execute arbitrary OS commands from an adjacent network.
Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands through the terminal_tool component's approval mechanism. The vulnerability affects all versions up to commit 5157f5427f19488b31c6fdebbacd15d798ce7f63 and has publicly available exploit code demonstrating the attack. The vendor has not responded to disclosure attempts, leaving users without an official patch.
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary OS commands via the 'method' parameter in the formEZCHNwlanSetup POST handler at /goform/formEZCHNwlanSetu. Public exploit code exists (CVSS E:P), enabling low-complexity attacks that compromise confidentiality, integrity, and availability at low impact levels. EPSS data not available. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation. Vendor was notified but has not issued a patch or advisory.
Command injection in Edimax EW-7438RPn 1.12 allows authenticated remote attackers to execute arbitrary operating system commands via the max_Conn and timeOut parameters in the formConnectionSetting endpoint. The vulnerability requires low-privilege authentication but no user interaction, with public exploit code available. EPSS data not available; vendor unresponsive to disclosure.
Remote command injection in Edimax EW-7438RPn 1.12 allows authenticated attackers to execute arbitrary OS commands by manipulating the submit-url parameter in the formAccept function via /goform/formAccep endpoint. Public exploit code is available (EPSS not provided in input data). Vendor was notified but has not responded or issued a patch, leaving devices vulnerable to takeover by users with low-level credentials.
Command injection in Edimax EW-7438RPn 1.28a allows authenticated remote attackers to execute arbitrary system commands via crafted POST parameters to the /goform/formHwSet endpoint. The vulnerability affects the formHwSet function's handling of multiple configuration parameters including Antenna, Mcs, regDomain, MAC addresses, SSID, and channel settings. Public exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation, though CISA KEV does not list active widespread exploitation at time of analysis.
OS command injection in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 allows authenticated remote attackers to execute arbitrary system commands via the formWizSurvey web interface. The vulnerability exists in the /goform/formWizSurvey endpoint where input validation fails on the ip, mask, and gateway parameters. Publicly available exploit code exists (GitHub POC published), though no active exploitation has been confirmed by CISA KEV. EPSS data not available for this recent CVE. Vendor notified but non-responsive, indicating no official patch is forthcoming.
OS command injection in Edimax EW-7438RPn firmware (versions up to 1.31) allows authenticated remote attackers to execute arbitrary system commands via the pinCode parameter in the formWpsStart function. Public exploit code is available on GitHub, enabling low-complexity attacks against the WPS configuration interface. The vendor has not responded to vulnerability disclosure, leaving no official patch available. EPSS data not provided, but public POC availability significantly increases exploitation risk for internet-exposed devices with weak admin credentials.
Command injection in the Edimax BR-6428NS 1.10 wireless router's web management interface allows a remotely authenticated attacker to execute arbitrary OS commands by manipulating the repeaterSSID parameter in a POST request to /goform/formWlbasic. A publicly available proof-of-concept exploit exists, raising the practical risk above what the moderate CVSS score of 6.3 alone suggests. The vendor was notified prior to disclosure but did not respond, meaning no vendor-supplied patch exists at time of analysis.
Command injection in Edimax BR-6428NS firmware version 1.10 exposes the device's operating system to remote command execution via the /goform/formWlanM POST request handler. An authenticated remote attacker (PR:L per CVSS) can manipulate any of 29+ wireless calibration and ATE parameters - including ateFunc, ateGain, e2pTxPower series, and readE2P - to inject arbitrary shell commands into the device OS. No vendor patch exists as Edimax did not respond to responsible disclosure; a publicly available exploit exists, and the breadth of vulnerable parameters indicates a systemic absence of input sanitization across the wlanM form handler.
Cross-tenant remote code execution in Nezha Monitoring dashboard (versions >= 1.4.0, < 1.14.15-0.20260517022419-d7526351cf97) allows any authenticated RoleMember user to execute arbitrary shell commands as root on every monitored agent host in the deployment. The flaw stems from cron API endpoints being gated by commonHandler instead of adminHandler, combined with a vacuous-true permission check when the Servers list is empty, enabling fanout to all tenants' servers. No public exploit identified at time of analysis, but a complete proof-of-concept is included in the GitHub Security Advisory.
Command injection in Microsoft 365 Copilot for iOS allows remote unauthenticated attackers to tamper with system integrity over the network when a user is convinced to interact with malicious content. The flaw carries a critical CVSS score of 9.3 with a scope change indicating impact beyond the vulnerable component, though no public exploit identified at time of analysis. An official vendor patch is available via MSRC.
Command injection in Microsoft 365 Copilot exposes sensitive information to unauthenticated remote attackers when a victim user interacts with attacker-controlled content, resulting in High confidentiality impact with no integrity or availability effect. The vulnerability carries a CVSS 6.5 (Medium) score, reflecting network accessibility and low attack complexity offset by a mandatory user interaction requirement. No public exploit code exists at time of analysis, and Microsoft has released an official patch documented via the Microsoft Security Response Center.
Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-system commands against the platform, with a maximum CVSS score of 10.0 reflecting changed scope and full confidentiality, integrity, and availability impact. The flaw stems from improper neutralization of special elements in command construction (CWE-77), and while no public exploit has been identified at time of analysis, Microsoft has released a patch via MSRC. Given Power Pages is a multi-tenant SaaS offering, a successful exploit could pivot beyond the initial site boundary.
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitrary shell commands via unescaped line terminators in the .op field. Affects the quote() API and parse() flows that accept object tokens, with no public exploit identified at time of analysis but a vendor-released upstream fix in commit 1518179. EPSS data was not provided, but the package's massive ecosystem footprint (millions of weekly npm downloads) makes downstream supply-chain exposure substantial.
Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary operating system commands by abusing improperly validated input. The flaw carries a critical CVSS 9.1 score with scope change, indicating successful exploitation can break out of the originating security context, though no public exploit identified at time of analysis.
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute arbitrary operating system commands by sending crafted input that bypasses validation. The flaw carries a maximum CVSS 10.0 score with scope change (S:C) impacting confidentiality, integrity, and availability, and affects a broad fleet of UniFi gateways, NVRs, NAS units, and Cloud Keys. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Command injection in KnpLabs Snappy PHP library (versions <= 1.7.0) allows attackers to execute arbitrary OS commands as the PHP process when the wkhtmltopdf/wkhtmltoimage binary path passed to the constructor is influenced by attacker-controlled input. An inverted is_executable() check renders the intended escapeshellarg() protection dead code, so the binary path string is concatenated raw into the shell command. A proof-of-concept is published in the GHSA advisory; no public exploit identified in the wild and the vulnerability is not in CISA KEV at time of analysis.
Arbitrary command execution in Fission's builder component (pkg:go/github.com/fission/fission <= 1.22.0) allows any principal with create or update privileges on Environment CRDs to redirect the builder pod to execute any binary reachable via $PATH inside the builder image. The vulnerable call site at pkg/builder/builder.go:254 passes the unsanitized Environment.spec.builder.command value directly to exec.Command after a strings.Fields split, enabling attackers to specify paths such as /bin/sh -c '...' as the build command. No public exploit has been identified at time of analysis, but the patch is confirmed released in v1.23.0 and the exploit primitive requires only a single Kubernetes API write to trigger.
Authenticated remote code execution affects Zoho ManageEngine ADSelfService Plus (before build 6525), DataSecurity Plus (before 6264), and RecoveryManager Plus (before 6313) on agent machines, stemming from a flaw in a bundled third-party dependency. An authenticated attacker with low privileges can inject commands (CWE-77) to execute arbitrary code on managed agent endpoints, with no public exploit identified at time of analysis.
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell. The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.
Integrity compromise in PowerDNS Authoritative Server allows network-positioned attackers to inject unauthorized DNS records by exploiting insufficient validation of DNS names received during AXFR (zone transfer) processing. The CVSS changed-scope indicator (S:C) reflects that the high-integrity impact extends beyond the vulnerable server itself to all downstream systems consuming the corrupted zone data, enabling a form of DNS record poisoning. No public exploit has been identified at time of analysis, and the high attack complexity (AC:H) constrains exploitation to adversaries with specific network positioning or control over a zone transfer source.
Remote code execution in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows authenticated high-privilege attackers to inject arbitrary OS commands through the device's web interface using command delimiters. The flaw carries a CVSS 9.1 rating due to scope change and full CIA impact, and no public exploit identified at time of analysis, though the industrial-control context makes any RCE highly consequential. Honeywell has released a patch via its process.honeywell.com portal.
Shell injection in Netatalk 3.1.0 through 4.4.2 allows a high-privileged local attacker to execute arbitrary OS commands by embedding shell metacharacters in a configured volume path value. The flaw (CWE-78) arises because volume path strings are passed to a shell interpreter without sanitization, meaning any actor with write access to Netatalk's volume configuration can achieve full command execution under the Netatalk process context. No public exploit code has been identified at time of analysis, and the vendor has released a fix in version 4.4.3.
OS command injection in Netatalk 2.2.1 through 4.4.2 arises from a code path that invokes system() after a failed chdir() call, classified under CWE-78. Exploitation requires local access with high privileges and high attack complexity, and yields only low-integrity and low-availability impact with no confidentiality exposure, reflected in the CVSS score of 2.5. No public exploit code and no CISA KEV listing have been identified at time of analysis; a vendor-released fix is available in version 4.5.0.
Shell injection in Netatalk 3.1.4 through 4.4.2 allows authenticated remote attackers to execute arbitrary OS commands through a bitwise-OR logic flaw, achieving full confidentiality, integrity, and availability impact (CVSS 7.5). Netatalk is the open-source AFP (Apple Filing Protocol) server commonly deployed on Linux/BSD NAS appliances to share files with macOS clients. The flaw was fixed in version 4.4.3; no public exploit identified at time of analysis and the issue is not currently in CISA KEV.
Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118.
Command injection in the BrowserBot component of Cisco ThousandEyes Enterprise Agent (CWE-78) allows authenticated SaaS users with transaction test management privileges to execute arbitrary OS commands inside the BrowserBot container as the unprivileged 'node' user. Exploitation requires valid ThousandEyes SaaS credentials and the ability to manage transaction tests, scoping the realistic threat primarily to insiders and compromised privileged accounts. Cisco has already deployed a remediation server-side; no customer action is required. No public exploit code or CISA KEV listing exists at time of analysis.
Command injection in shivammathur/setup-php (versions 2.25.0 through 2.37.0) allows an attacker who can influence repository files to execute arbitrary commands on a GitHub Actions runner when the action resolves the PHP version from attacker-controlled content. The risk is highest in privileged workflows using pull_request_target that check out untrusted PR code before invoking setup-php, potentially exposing repository secrets and CI/CD infrastructure. No public exploit code or KEV listing exists at time of analysis, but the attack is realistic in any project using this common CI action pattern with auto-merging or cross-repo workflows.
Command injection in Dell SmartFabric Storage Software versions prior to 1.4.5 enables a high-privileged local attacker to gain unauthorized read and write access to the underlying filesystem. Exploitation requires local system presence and high-level privileges, with the CVSS vector (AV:L/AC:H/PR:H) indicating a constrained threat surface despite the high confidentiality, integrity, and availability impact scores. No public exploit identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Windows security feature bypass, publicly dubbed 'YellowKey', exposes systems to full confidentiality, integrity, and availability compromise via command injection (CWE-77) requiring only physical access - no credentials or user interaction needed. A proof-of-concept was released publicly prior to patch availability, violating coordinated disclosure norms, which lowers the attacker skill bar significantly. No vendor-released patch exists at time of analysis; Microsoft has confirmed the issue and is preparing a security update.
Unauthenticated remote code execution in CtrlPanel billing software (versions 1.1.1 and prior) allows attackers to execute arbitrary OS commands via the web-based installer endpoint, even on already-installed instances. The flaw combines a control-flow bug (install.lock gate runs after handler execution) with command injection through unsanitized user input passed into shell commands. The advisory reports active exploitation in the wild, though no CISA KEV listing is present in the supplied data.
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent attackers to execute arbitrary OS commands by chaining two unprotected API endpoints. The Next.js authentication middleware in src/proxy.js uses a narrow route allowlist that excludes /api/cli-tools/* and /api/mcp/*, letting an attacker register an arbitrary command via POST /api/cli-tools/cowork-settings and then trigger spawn() via GET /api/mcp/[plugin]/sse. Publicly available exploit code exists (PoC published with the GHSA advisory), with CVSS 10.0 reflecting maximum severity across confidentiality, integrity, and availability.
Remote code execution in Kopia backup server (≤ 0.22.3) allows unauthenticated attackers to run arbitrary OS commands as the Kopia process user via a single HTTP request to /api/v1/repo/exists when the server is launched with --without-password. Publicly available exploit code exists through the published GHSA advisory and PR diff; no public exploit identified at time of analysis as being weaponized in the wild, but the trivially exploitable vector (CVSS 9.8) and detailed write-up make weaponization straightforward. The bug stems from naive space-splitting of attacker-controlled sshArguments that is fed to exec.CommandContext("ssh"), letting an -oProxyCommand= token trigger $SHELL -c execution before any SSH transport is established.
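The Kopia entry is argument injection rather than shell-string injection: the process is started without a shell, yet a token the attacker controls becomes an ssh option, and ssh itself runs ProxyCommand through `$SHELL -c`. The following is an added example, not Kopia's code, showing the vulnerable split, a detector for option tokens that make ssh spawn a shell, and a builder that accepts only structured, allowlisted fields. The option list and the host/port patterns are assumptions chosen for the example.

```python
import re
from typing import Optional

# ssh options whose value ssh hands to `$SHELL -c` (ProxyCommand always;
# LocalCommand when PermitLocalCommand is enabled). Constructed list for
# this example; lowercase for case-insensitive comparison.
SHELL_EXEC_OPTIONS = {"proxycommand", "localcommand", "permitlocalcommand"}

# Assumed allowlist shapes: a hostname may not start with '-', so it can
# never be parsed as an option; a port is 1-65535.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]{0,252}")
PORT_RE = re.compile(r"[0-9]{1,5}")


def naive_split(ssh_arguments: str) -> list[str]:
    """The vulnerable step: whitespace-split a free-form string and pass every
    token straight to exec("ssh", ...). No shell is involved, and it is
    still exploitable."""
    return ssh_arguments.split()


def shell_exec_options(argv: list[str]) -> list[str]:
    """Lowercased names of options in ARGV whose value ssh hands to a shell,
    in both '-oKey=val' and '-o Key=val' spellings. A -F token is reported
    as well, because an attacker-chosen config file can carry the same
    directives."""
    found = []
    i = 0
    while i < len(argv):
        tok = argv[i]
        key = None
        if tok == "-o" and i + 1 < len(argv):
            key = argv[i + 1]
            i += 1
        elif tok.startswith("-o"):
            key = tok[2:]
        elif tok.startswith("-F"):
            found.append("-F")
        if key is not None:
            name = re.split(r"[=\s]", key, maxsplit=1)[0].lower()
            if name in SHELL_EXEC_OPTIONS:
                found.append(name)
        i += 1
    return found


def is_valid_host(host: str) -> bool:
    return HOST_RE.fullmatch(host) is not None


def is_valid_port(port: str) -> bool:
    return PORT_RE.fullmatch(port) is not None and 0 < int(port) < 65536


def safe_ssh_argv(host: str, port: Optional[str] = None) -> list[str]:
    """Hardened builder: callers supply separate fields, each validated
    against an allowlist; no free-form option string is accepted, so there
    is no token position an attacker can turn into '-o...' or '-F'."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    argv = ["ssh"]
    if port is not None:
        if not is_valid_port(port):
            raise ValueError(f"rejected port: {port!r}")
        argv += ["-p", port]
    return argv + [host]


if __name__ == "__main__":
    # Constructed attacker string in the shape the Kopia advisory describes.
    attacker = "-oProxyCommand=id backup.example"
    print(naive_split(attacker), "->", shell_exec_options(naive_split(attacker)))
    print(safe_ssh_argv("backup.example", "2222"))
```

The detector is a defence-in-depth check for code that must keep accepting a string; the durable fix is the builder, because a hostname that cannot begin with `-` cannot be mistaken for an option by getopt, and there is no second token for an attacker to supply.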
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.
Command injection in Panabit PAP-XM320 firmware up to and including V7.7 enables authenticated remote attackers with management interface access to execute arbitrary shell commands on the underlying OS. The web management interface passes user-controlled input to the backend helper /usr/sbin/pappiw, which processes arguments via eval - a classic CWE-78 pattern that causes attacker-supplied shell metacharacters to be interpreted as commands. No public exploit has been confirmed at time of analysis and this CVE is not listed in the CISA KEV catalog, though a researcher disclosure page is referenced.
OS command injection in Dokploy self-hosted PaaS (versions <= 0.26.6) allows an authenticated low-privileged user to achieve server-level remote code execution by injecting shell metacharacters into the appName parameter when creating an application or database. The cleanAppName sanitizer only lowercases and strips spaces, leaving characters like ;, $(), backticks, |, and & to be passed directly into execAsync()/execAsyncRemote() shell interpolation when service lifecycle operations run. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV, but the GitHub commit diff publicly demonstrates the vulnerable code path.
Local privilege code execution in jarrodwatts/claude-hud through version 0.0.12 on Windows allows authenticated local users to run arbitrary executables by setting the COMSPEC environment variable before the tool's version check, where execFile() launches whatever binary COMSPEC points to with cmd.exe-style arguments. The flaw is tracked as CWE-427 (Uncontrolled Search Path Element) and was reported by VulnCheck; no public exploit identified at time of analysis, but the upstream commit 234d9aa makes the fix mechanics straightforward to reverse-engineer.
{id}/volumes/{volumeName}/browse`. The path sanitizer at `volume_service.go:1448-1467` blocks only `../` traversal and passes shell substitution sequences through unchanged; `strconv.Quote` wraps the path in Go-style double quotes, which POSIX `sh` still interprets as a command-substitutable string, causing the injected command to execute and its output to be reflected in the HTTP 500 error body. No vendor-released patch exists at time of analysis; publicly available exploit code is embedded in the GHSA advisory (GHSA-9mvm-4gwg-v8mp) and no confirmed active exploitation (CISA KEV) has been reported.
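The shell-quote entry above (unescaped line terminators in the `.op` field) and this one (Go's `strconv.Quote` wrapping a path in double quotes before it reaches POSIX `sh`) are two failures of the same kind: an escaping routine that neutralizes the obvious metacharacters but not the one the shell actually acts on. The following is an added example, not code from either project, that runs three quoters through `sh -c 'echo ...'` and reports which payload each one leaves live. `quote_backslash` and `quote_go_style` are constructed approximations of the two flawed approaches; `shlex.quote` is the standard-library single-quoting that closes both holes.

```python
import shlex
import subprocess

# Constructed payloads: command substitution, and a second command after a
# bare newline. Both try to run `echo MARKER` as their own command.
CMD_SUBST = "x$(echo MARKER)"
NEWLINE = "x\necho MARKER"

# Metacharacters a typical backslash-escaper covers. Newline is missing,
# which is the shape of the shell-quote line-terminator bug.
SHELL_META = set('|&;()<>$`\\"\'')


def quote_backslash(s: str) -> str:
    """Backslash-escape the listed metacharacters; newline passes through."""
    return "".join("\\" + c if c in SHELL_META else c for c in s)


def quote_go_style(s: str) -> str:
    """Approximation of strconv.Quote: Go-style double-quoted literal. Inside
    POSIX double quotes, $(...) and backticks are still expanded."""
    body = (s.replace("\\", "\\\\").replace('"', '\\"')
             .replace("\n", "\\n").replace("\t", "\\t"))
    return '"' + body + '"'


def quote_posix(s: str) -> str:
    """Single-quoting: nothing is special inside '...' except the quote itself,
    which shlex.quote handles with the '"'"' idiom."""
    return shlex.quote(s)


def run_echo(quoter, value: str) -> str:
    """Build the command line the way the vulnerable code would and run it."""
    return subprocess.run(["sh", "-c", "echo " + quoter(value)],
                          capture_output=True, text=True).stdout


def injected(output: str, marker: str = "MARKER") -> bool:
    """True if the marker command actually executed: either it was
    substituted into the word (xMARKER) or it ran as a separate command
    (a line beginning with the marker)."""
    return f"x{marker}" in output or any(
        line.startswith(marker) for line in output.splitlines())


def audit() -> dict:
    """Which quoter leaves which payload live. Returns a mapping of
    (quoter name, payload name) -> bool."""
    results = {}
    for qname, quoter in (("backslash", quote_backslash),
                          ("go_style", quote_go_style),
                          ("posix", quote_posix)):
        for pname, payload in (("cmd_subst", CMD_SUBST), ("newline", NEWLINE)):
            results[(qname, pname)] = injected(run_echo(quoter, payload))
    return results


if __name__ == "__main__":
    for key, live in audit().items():
        print(key, "injected" if live else "neutralized")
```

The audit shows the two advisories as the two off-diagonal cells: the backslash escaper stops `$(...)` but not the newline, the double-quoting stops the newline but not `$(...)`, and single-quoting stops both. The same lesson applies to the Go error path in the entry above: reflecting the shell's output into an HTTP 500 body turns a blind injection into one with direct feedback.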
Command injection in Edimax BR-6428NS firmware v1.10 allows authenticated remote attackers to execute arbitrary system commands via the stadrv_ssid parameter in POST requests to /goform/formStaDrvSetup. Public exploit code is available (documented in VulDB and researcher's Notion page), enabling low-complexity attacks against networks where attackers have obtained low-privilege credentials. The vendor received early disclosure but provided no response, leaving no official patch timeline.
Command injection in Edimax BR-6228NC version 1.22 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the 'command' parameter in POST requests to /goform/mp endpoint. Public exploit code exists, increasing exploitation risk despite requiring low-privilege authentication. EPSS data not available, but the presence of working exploit demonstrates confirmed weaponization. Vendor has not responded to disclosure and no patch has been announced.
ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to command injection.
OS command injection in Vercel AI SDK versions up to 3.0.97 allows authenticated remote attackers with pull request creation privileges to execute arbitrary commands on CI/CD runners through malicious branch names. The vulnerability resides in the prettier-on-automerge GitHub Actions workflow, which insecurely interpolates PR branch names into shell commands. A public proof-of-concept exploit exists (disclosed via GitHub Gist), demonstrating feasibility despite CVSS 4.0 rating the complexity as high (AC:H) and exploitability as difficult. The vendor (Vercel) was notified but has not responded, and no patch availability is confirmed from vendor sources at time of analysis.
Remote command injection in Kodbox fileThumb plugin (versions up to 1.64) allows authenticated attackers to execute arbitrary system commands by manipulating the ffmpegBin parameter in video processing functions. Publicly available exploit code increases immediate risk. EPSS data not available, but CVSS temporal metrics indicate confirmed proof-of-concept exploitation (E:P). Vendor has not responded to disclosure, leaving patch status uncertain.
Remote code execution in AVideo streaming platform allows authenticated users with streaming privileges to execute arbitrary OS commands through shell metacharacter injection in the Live plugin. The vulnerability exists in the on_publish.php webhook endpoint which builds shell commands using unsafe string concatenation instead of proper escaping, allowing attackers to inject commands via specially crafted stream keys containing single quotes. While the CVSS indicates low privileges required (authenticated users with canStream permission), the impact is severe as it grants full web server user access.
Budibase servers before version 3.38.1 allow any authenticated application user to modify datasource connection parameters through the REST API endpoint PUT /api/datasources/:datasourceId, which requires only basic TABLE/READ permissions instead of builder-level access. This authorization bypass enables attackers with minimal BASIC role privileges to redirect PostgreSQL, MySQL, MongoDB, or REST datasources to arbitrary hosts and ports, creating server-side request forgery (SSRF) conditions that bypass existing HTTP-layer protections for SQL driver connections. The vulnerability has been assigned CVSS 8.8 (High) and is fixed in Budibase 3.38.1.
Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when users view attacker-controlled files containing ZMODEM protocol headers. The vulnerability exploits automatic ZMODEM detection that injects commands into the user's shell when displaying malicious content with common commands like 'cat'. Real-world risk is moderate (EPSS data not provided) as it requires local access and user interaction, but enables code execution without explicit user consent beyond viewing a file.
Remote code execution in Tabby terminal emulator versions prior to 1.0.233 allows unauthenticated attackers to execute arbitrary OS commands via malicious tabby:// URL scheme links. When users click a crafted link containing tabby://run?command=..., Tabby spawns the specified command with full user privileges without any confirmation or sanitization. The vulnerability carries a CVSS 9.4 score due to network vector and high impact across all security dimensions.
Command injection in the Turborepo LSP VS Code extension before version 2.9.14000 allows arbitrary code execution when opening malicious workspaces. The vulnerability stems from unsafe string interpolation in shell commands, enabling attackers to inject commands through workspace settings or task names that execute with the user's VS Code process privileges. The CVSS 4.0 score of 8.4 indicates high severity with local access and user interaction required.
Command injection in Vim 9.x text editor allows local attackers to execute arbitrary shell commands when a user opens specially crafted .tgz archive filenames. The vulnerability exploits insufficient sanitization in the tar#Vimuntar() function's shellescape() call, enabling cmdline-special character expansion. Exploitation requires user interaction (opening the malicious archive) and high attack complexity (filename manipulation), limiting real-world risk despite the command injection class. Fixed in version 9.2.0479 via GitHub commit 3fb5e58f. No evidence of active exploitation or public POC beyond the vendor's test case.
Command injection in Oinone Pamirs 7.0.0 allows remote unauthenticated attackers to execute arbitrary OS commands through the CommandHelper.executeCommands method. The vulnerability stems from unsanitized command strings being passed directly to a shell process's standard input. With an EPSS score indicating moderate exploitation likelihood and SSVC assessment showing automatable attacks with total technical impact, this represents a significant risk despite no current KEV listing or confirmed active exploitation.
Remote code execution in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows unauthenticated attackers to inject malicious JavaScript into unsanitized 'data' parameter, achieving arbitrary code execution on Node.js backend servers. Critical vulnerability (CVSS 4.0: 10.0) with complete system compromise potential affecting server confidentiality, integrity, and availability. Vendor-released patch available in version 0.7.6. No confirmed active exploitation (not in CISA KEV), but command injection via web-accessible APIs typically sees rapid weaponization once disclosed.
Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.
Command injection in python-utcp allows remote attackers to execute arbitrary shell commands on Unix and Windows systems when user-controlled tool arguments are processed by the CLI communication protocol module. The _substitute_utcp_args method in cli_communication_protocol.py directly embeds unsanitized user input into bash or PowerShell commands without escaping, enabling full remote code execution. Vendor-released patch available in version 1.1.2 with shell-quoting mitigation (shlex.quote on Unix, single-quoted literals on Windows). CVSS 8.3 indicates high complexity and required user interaction, but scope change enables container/sandbox escape scenarios. No public exploit code or CISA KEV listing identified at time of analysis, though detailed proof-of-concept exists in the GitHub security advisory demonstrating data exfiltration via curl.
Remote code execution in HRConvert2 self-hosted file conversion server allows unauthenticated attackers to execute arbitrary commands via shell metacharacters in filenames. The sanitizeString() function in convertCore.php fails to filter backticks and tab characters before passing user input to shell_exec(), enabling command injection that executes in the web server context (www-data). According to the vendor, exploitation can achieve complete server takeover through two methods: backtick-based command injection or tab-based file dropping. Fixed in version 3.3.8 released May 2026. EPSS data unavailable; no confirmed active exploitation (not in CISA KEV), but the vendor confirms the vulnerability is exploitable and rates severity as critical.
Remote code execution in mdserver-web Linux panel versions 0.18.0 through 0.18.4 allows unauthenticated remote attackers to execute arbitrary system commands by exploiting unprotected scheduled task management endpoints. Attackers can modify built-in cron jobs via the /modify_crond interface and trigger execution through /start_task without any authentication, achieving complete system compromise. No public exploit code or active exploitation confirmed at time of analysis, though the attack complexity is rated low with network-based access vector.
Command injection in @apostrophecms/cli apos create command allows arbitrary command execution when a user supplies specially crafted input during the interactive password prompt. The vulnerability exists in lib/commands/create.js line 186, where user-supplied password input is passed directly into a shell exec() call without sanitization or escaping, enabling attackers to inject shell metacharacters (;, &&, $()) to execute arbitrary commands with the privileges of the user running the CLI. Exploitation requires user interaction (UI:R) and high privilege context (PR:H), but publicly available proof-of-concept demonstrates successful arbitrary code execution on Ubuntu systems with Node.js.
OS command injection in Fleet's software installer pipeline allows arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when a specially crafted software package is uninstalled. The vulnerability exists because package metadata fields are not sanitized before being incorporated into auto-generated uninstall scripts. An attacker with the ability to upload packages to Fleet can exploit this by embedding malicious commands in package metadata fields, resulting in code execution with elevated privileges when endpoints execute the uninstall operation. Patch version 4.81.1 available.
Command injection in CFEngine Enterprise and Community editions before versions 3.21.8, 3.24.3, and 3.27.0 enables remote unauthenticated attackers to execute arbitrary commands on the system. The vulnerability has an EPSS score of 0.15% indicating relatively low exploitation probability, and no public exploit identified at time of analysis. SSVC framework rates this as automatable with total technical impact, suggesting high potential severity if exploited.
Remote code execution in Web::Passwd 0.03 and earlier allows unauthenticated network attackers to execute arbitrary system commands with web server privileges via command injection in the user parameter. The CVSS vector indicates network-accessible, low-complexity exploitation requiring no authentication or user interaction. EPSS score is low (0.04%, 12th percentile), suggesting limited real-world exploitation observed to date. No active exploitation confirmed by CISA KEV at time of analysis, though publicly available exploit code exists per oss-security disclosure.
Command injection in U-SPEED AC1200 Gigabit Wi-Fi Router (Model T18-21K) V1.0 allows authenticated administrators to execute arbitrary system commands with elevated privileges through the Network Time Protocol (NTP) configuration interface. The vulnerability stems from insufficient input sanitization in NTP settings fields, enabling full system compromise. CVSS score of 7.2 reflects high impact across confidentiality, integrity, and availability. Public proof-of-concept code exists via GitHub repository (N0tMilk/vulnerability-research), though no active exploitation has been confirmed via CISA KEV at time of analysis. EPSS data not available for risk probability assessment.
Local code execution in the claude-code-cache-fix npm package (v3.5.0 and v3.5.1) lets attacker-controlled filesystem path names run arbitrary Python inside a victim's Claude Code process. The bundled tools/quota-statusline.sh interpolates Claude Code's statusline hook stdin — which reflects user-controlled paths such as cwd, workspace.current_dir, workspace.project_dir, and transcript_path — directly into a Python triple-quoted literal, so a directory name containing the byte sequence ''' closes the literal early and executes the following bytes as Python at the user's privilege on every statusline redraw. A working injection payload is publicly available (published in the GHSA advisory and in the T6/T7 regression tests); the issue is not listed in CISA KEV and no EPSS score was provided.