Command Injection

Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to execute arbitrary system commands via the command parameter. Versions up to 4.22.1 are affected. The vulnerability is publicly disclosed with exploit code available on GitHub, and the vendor has not released a patch despite early notification.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted requests to the /cgi-bin/cstecgi.cgi endpoint. The vulnerability resides in the setDiagnosisCfg function's insufficient validation of the 'ip' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 9.8 (Critical) reflects network-accessible, low-complexity attack requiring no authentication. No vendor-released patch identified at time of analysis.

OS command injection in Totolink A7100RU router firmware (version 7.4cu.2313_b20191024) allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setAppCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing indicates targeted campaigns have not been observed at time of analysis.

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the 'proto' parameter in setNetworkCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, significantly lowering the exploitation barrier. CVSS 9.8 (Critical) reflects network-accessible attack requiring no authentication or user interaction.

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the ttyEnable parameter in the setTtyServiceCfg function of /cgi-bin/cstecgi.cgi. Public exploit code is available (GitHub POC published). CVSS 9.8 critical severity with network vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis, representing immediate risk to internet-facing devices.

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the CGI interface. The setRadvdCfg function in /cgi-bin/cstecgi.cgi fails to sanitize the maxRtrAdvInterval parameter, enabling command injection through crafted HTTP requests. Publicly available exploit code exists on GitHub, significantly lowering exploitation barriers. CVSS 9.8 critical rating reflects network-accessible attack vector with no authentication or user interaction required, enabling full system compromise.

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary operating system commands through manipulation of the Model Context Protocol Node's execute function in base_mcp_node.py, with publicly available exploit code and vendor-released patches available for remediation.

Remote code execution via command injection in ChargePoint Home Flex electric vehicle charging stations allows unauthenticated network-adjacent attackers to execute arbitrary commands as root. The vulnerability resides in the revssh service's handling of OCPP (Open Charge Point Protocol) messages, where unsanitized user-supplied strings are passed directly to system calls. No authentication is required, but the attacker must be on the same network segment as the charging device. No public exploit identified at time of analysis.

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via command injection in the allowed commands list handler. The vulnerability stems from improper validation of user-supplied strings before system call execution, enabling attackers to run code in the MCP server context with no authentication required. EPSS score of 1.01% (77th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis.

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via improper validation of the allowed commands list. The command injection flaw (CWE-78) enables system call execution without authentication barriers. With a CVSS score of 9.8 (critical severity) and EPSS probability of 1.01% (77th percentile), this represents a high-severity vulnerability with moderate real-world exploitation likelihood. No public exploit identified at time of analysis, and no active exploitation confirmed.

OS command injection in Chamilo LMS 1.x (prior to 1.11.38) and 2.0.0-RC.x (prior to RC.3) allows authenticated teacher-role users to execute arbitrary system commands via unsanitized file path parameters. The move() function in fileManage.lib.php concatenates user-controlled move_to POST values directly into exec() shell commands without proper escaping. Any authenticated user can exploit this by creating a course (enabled by default), uploading a directory with shell metacharacters via Course Backup Import, then moving a document to trigger command execution as www-data. No public exploit identified at time of analysis.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the User parameter in setVpnAccountCfg function at /cgi-bin/cstecgi.cgi endpoint. CVSS 9.8 critical severity with publicly available exploit code documented on GitHub. No authentication, low complexity, network-accessible attack vector enables full system compromise with high confidentiality, integrity, and availability impact.

Remote unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables complete system compromise. Attackers exploit the setPptpServerCfg function in /cgi-bin/cstecgi.cgi CGI handler by injecting malicious commands through the 'enable' parameter. CVSS 9.8 critical severity reflects network-accessible attack requiring no privileges or user interaction. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers seeking router takeover, data exfiltration, or network pivoting.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction, granting complete device compromise with potential for lateral network movement. Publicly available exploit code exists (GitHub POC). CVSS 9.8 severity reflects network-accessible attack vector with no privilege requirements.

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands. The vulnerability resides in the setPortalConfWeChat function within /cgi-bin/cstecgi.cgi, exploitable by manipulating the 'enable' parameter. CVSS 9.8 severity reflects network-accessible attack vector requiring no authentication or user interaction, with full system compromise potential. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers targeting vulnerable router deployments.

Remote unauthenticated OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows arbitrary command execution via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Attackers exploit the 'enable' parameter without authentication to achieve full system compromise. CVSS 9.8 critical severity reflects network accessibility, no complexity barriers, and complete confidentiality/integrity/availability impact. Publicly available exploit code exists, significantly lowering attack barrier for opportunistic scanning campaigns targeting consumer routers.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the admpass parameter in setLoginPasswordCfg function of /cgi-bin/cstecgi.cgi. Network-accessible with no user interaction required. Publicly available exploit code exists. CVSS 9.8 critical severity reflects complete system compromise potential.

OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the tty_server parameter in the setAdvancedInfoShow function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity reflects network-accessible exploitation requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can achieve full system compromise including data exfiltration, configuration tampering, and denial of service against affected routers.

OS command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via malicious lan_info parameter to setMiniuiHomeInfoShow function in /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. Publicly available exploit code exists. Complete compromise of confidentiality, integrity, and availability achievable through CGI handler manipulation.

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 via unauthenticated manipulation of telnet_enabled parameter in setTelnetCfg function. Critical CVSS 9.8 score reflects network-accessible attack requiring no authentication or user interaction, enabling full system compromise. Publicly available exploit code exists. Impacts router confidentiality, integrity, and availability with potential for complete device takeover and lateral network movement.

Unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows remote attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiGuestCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Successful exploitation enables complete device compromise with high impact to confidentiality, integrity, and availability.

Command injection in Juniper Networks Junos OS and Junos OS Evolved CLI processing allows high-privileged local attackers to execute arbitrary shell commands as root through crafted 'set system' arguments, enabling complete system compromise. Affects all versions before multiple fixed releases across both operating systems. Authentication required (high-privileged local access). No public exploit identified at time of analysis.

Command injection in Juniper Networks Support Insights Virtual Lightweight Collector (JSI vLWC) CLI enables local high-privileged attackers to escalate privileges to root. Inadequate input validation in the CLI menu permits shell command injection, with injected commands executing at root level. All JSI vLWC versions before 3.0.94 affected. CVSS 8.4 (High severity, local vector). Requires high-level existing privileges (PR:H). No public exploit identified at time of analysis.

Command injection in PraisonAIAgents memory hooks executor allows authenticated local attackers to execute arbitrary shell commands through unsanitized user input passed to subprocess.run() with shell=True. Affects versions prior to 1.5.128. Two attack vectors exist: direct exploitation via hook configuration (pre_run_command/post_run_command) and automated exploitation through .praisonai/hooks.json lifecycle hooks (BEFORE_TOOL/AFTER_TOOL). Agent prompt injection enables persistent compromise by overwriting hooks.json, executing payloads silently at every lifecycle event without user interaction. No public exploit identified at time of analysis.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'mode' parameter in the setWiFiAclRules function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists. Attackers can achieve complete device compromise with high impact to confidentiality, integrity, and availability of the router. No authentication required for exploitation (CVSS PR:N).

Remote OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi. This vulnerability enables complete device compromise with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists. No CISA KEV listing identified at time of analysis.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted sambaEnabled parameter in setStorageCfg function of /cgi-bin/cstecgi.cgi CGI handler. Publicly available exploit code exists. Network-reachable attack vector requires no user interaction, enabling full system compromise of affected routers.

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the wanIdx parameter in the setDmzCfg function within /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with attack complexity low, no privileges required, and no user interaction. Publicly available exploit code exists. Exploitation enables complete compromise of device confidentiality, integrity, and availability with total technical impact.

Remote command injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated network attackers to execute arbitrary OS commands via the Bash.run function in metagpt/tools/libs/terminal.py. The vulnerability has a CVSS score of 6.9 with network-accessible attack vector and low complexity, and matches CISA SSVC criteria for partial technical impact with automatable exploitation; a proof-of-concept exists but no confirmed active exploitation has been reported.

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/utils/common.py allows unauthenticated attackers to execute arbitrary OS commands over the network with low complexity. Publicly available exploit code exists, and a patch pull request has been submitted but not yet merged by the vendor, creating an active vulnerability window for deployed instances.

Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary OS commands via improper input validation in the Terminal.run_command function. The vulnerability exploits command injection in metagpt/tools/libs/terminal.py and has publicly available exploit code; patch commit d04ffc8dc67903e8b327f78ec121df5e190ffc7b is available from the vendor.

OS command injection in Totolink A7100RU router 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'merge' parameter in setWiFiEasyCfg function within /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity. Publicly available exploit code exists. Attack requires no authentication or user interaction, enabling complete system compromise including data exfiltration, configuration tampering, and denial of service.

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via crafted addrPrefixLen parameter in setIpv6LanCfg function of /cgi-bin/cstecgi.cgi CGI handler. CVSS 9.8 critical severity reflects network-accessible attack vector requiring no privileges or user interaction, with complete confidentiality, integrity, and availability impact. Publicly available exploit code exists.

Unauthenticated remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables complete system compromise via the setIptvCfg function in /cgi-bin/cstecgi.cgi. Attackers inject malicious commands through the igmpVer parameter without authentication, achieving arbitrary code execution with router privileges. CVSS 9.8 (Critical). Publicly available exploit code exists. No authentication, network-accessible attack vector with low complexity allows immediate weaponization for botnet recruitment, credential theft, or lateral network movement.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in setUPnPCfg function within /cgi-bin/cstecgi.cgi. Publicly available exploit code exists. No vendor-released patch identified at time of analysis. CVSS 8.9 (Critical) reflects network-accessible attack requiring no user interaction.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the pptpPassThru parameter in setVpnPassCfg function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction and achieves full system compromise (confidentiality, integrity, availability). Publicly available exploit code exists. Attack vector is network-accessible without authentication (CVSS 8.9 Critical).

OS command injection in D-Link DIR-882 router (firmware 1.01B02) allows authenticated remote attackers to execute arbitrary system commands via malicious IPAddress parameter to prog.cgi HNAP1 SetNetworkSettings handler. Requires high privileges (PR:H) but achieves full system compromise (CVSS 7.3). Publicly available exploit code exists. Product discontinued; vendor no longer provides security updates.

Command injection in awwaiid mcp-server-taskwarrior up to version 1.0.1 allows local authenticated attackers to execute arbitrary system commands via manipulation of the Identifier argument in the server.setRequestHandler function of index.ts. Publicly available exploit code exists, and the vendor has released a patched version following responsible disclosure practices. This is a locally-exploitable vulnerability requiring authenticated access with moderate CVSS severity (5.3), but the presence of public exploit code and low attack complexity elevates practical risk.

Remote OS command injection in Agions taskflow-ai up to version 2.1.8 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the terminal_execute component in src/mcp/server/handlers.ts, with CVSS 6.3 reflecting moderate severity. Vendor-released patch is available in version 2.1.9 (commit c1550b445b9f24f38c4414e9a545f5f79f23a0fe), and the vendor responded promptly to early notification.

Command injection in PraisonAI pip package allows remote code execution when processing untrusted YAML workflows, agent configurations, or LLM-generated tool calls. Multiple execution paths (`execute_command`, workflow shell steps, action orchestrator) pass user-controlled input to `subprocess.run()` with `shell=True`, enabling arbitrary command execution via shell metacharacters (`;`, `|`, `&&`, `$()`). Affected: PraisonAI versions < 4.5.121. Attack vectors include malicious YAML definitions, agent marketplace poisoning, and document-based prompt injection. No public exploit identified at time of analysis. CVSS 9.7 (Critical) reflects network-accessible unauthenticated attack requiring only user interaction, with complete system compromise potential.

Command injection in Unix-like Artifacts Collector (UAC) pre-3.3.0-rc1 enables arbitrary code execution through unsanitized placeholder substitution in the _run_command() pipeline. Attackers inject shell metacharacters via %line%, %user%, or %user_home% placeholders processed by foreach iterators and system file parsers, exploiting direct eval() execution without input validation. Exploitation requires local access with user interaction but no authentication, executing commands at UAC process privilege level. No public exploit identified at time of analysis.

OS command injection in parseusbs (versions prior to 1.9) allows local attackers to execute arbitrary commands through unsanitized volume path arguments passed to the -v flag. The vulnerability stems from passing user-controlled input directly to os.popen() with shell=True during volume enumeration via ls command, enabling shell metacharacter injection. Exploitation requires user interaction to execute parseusbs with a malicious -v argument. No public exploit identified at time of analysis, though proof-of-concept exists in commit history.

OS command injection in parseusbs <1.9 enables arbitrary code execution on forensic examiner systems through maliciously crafted .lnk filenames. The parseUSBs.py module passes LNK file paths unsanitized into os.popen() shell commands, allowing attackers to embed shell metacharacters in filenames that execute during USB artifact parsing. Exploitation requires no authentication (PR:N) but necessitates user interaction (UI:P) when the examiner processes USB artifacts containing weaponized .lnk files. No public exploit identified at time of analysis.

Vim 9.2.0315 and earlier contains a command injection vulnerability in the netbeans interface that allows a malicious netbeans server to execute arbitrary Ex commands via unsanitized strings in defineAnnoType and specialKeys protocol messages. An authenticated local attacker with user-level privileges and ability to interact with a netbeans connection can achieve code execution with the privileges of the Vim process. The vulnerability is fixed in Vim 9.2.0316.

Remote code execution in idachev mcp-javadc up to version 1.2.4 allows unauthenticated attackers to inject arbitrary operating system commands through the jarFilePath parameter in the HTTP Interface, with publicly available exploit code and a moderate CVSS score of 6.9 reflecting limited confidentiality, integrity, and availability impact.

Remote code execution in Tophat mobile testing harness prior to 2.5.1 allows authenticated network attackers to execute arbitrary commands on a developer's macOS workstation via unsanitized URL query parameters passed directly to bash. The vulnerability affects any developer with Tophat installed, with commands executing under the user's permissions and no confirmation dialog for previously trusted build hosts. This was fixed in version 2.5.1.

Command injection in basic-ftp npm package v5.2.0 allows unauthenticated remote attackers to inject arbitrary FTP protocol commands via CRLF sequences in file path parameters. Affected methods include cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). Inadequate input sanitization in protectWhitespace() combined with direct socket writes enables attackers to split single FTP commands into multiple commands, leading to unauthorized file deletion, directory manipulation, file exfiltration, or session hijacking. Vendor-released patch available in version 5.2.1. No public exploit identified at time of analysis. EPSS unavailable.

Local privilege escalation to root in Fleet Orbit agent (macOS) allows authenticated local users to inject arbitrary Tcl commands via malformed FileVault password input. The vulnerability stems from unsafe interpolation of user-supplied passwords into expect scripts executed as root. CVSS 7.8 (High) with EPSS data unavailable; no public exploit identified at time of analysis, though exploitation requires only a specially crafted password containing closing brace characters. Impacts organizations using Fleet's macOS disk encryption management.

OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis.

OS command injection in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to execute arbitrary system commands through maliciously crafted configuration files. Exploitation requires high-privilege adjacency access but enables complete device compromise including configuration modification, credential disclosure, and persistent backdoor installation. Affects AX53 v1.0 firmware prior to 1.7.1 Build 20260213. No public exploit identified at time of analysis.

Command injection in CoolerControl/coolercontrold versions prior to 4.0.0 allows high-privileged local attackers to escalate privileges to root by injecting malicious bash commands into alert names. The vulnerability affects the alerts functionality where user-controlled input is passed unsanitized to shell execution contexts. With CVSS 8.2 and local attack vector requiring high privileges, exploitation demands existing administrative access but enables full system compromise. No public exploit identified at time of analysis.

Remote code execution via OS command injection in suvarchal docker-mcp-server through 0.1.0 allows unauthenticated attackers to execute arbitrary commands by manipulating the stop_container, remove_container, or pull_image HTTP interface functions. Publicly available exploit code exists, and while the vendor was notified early through GitHub issue #3, no patch has been released as of the analysis date.

Command injection in dbt-labs/actions workflow allows remote code execution via malicious GitHub issue comments. Unauthenticated attackers can inject arbitrary shell commands through unescaped comment-body output in the open-issue-in-repo.yml reusable workflow, affecting dbt-core infrastructure. The vulnerability exists in GitHub Actions workflows where attacker-controlled comment text is interpolated directly into bash if statements without sanitization. Fixed in commit bbed8d28, no public exploit identified at time of analysis, but EPSS scoring and CVSS 9.3 indicate critical severity with network attack vector requiring no privileges.

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the host system by injecting malicious SSH options through the login endpoint. Affecting Red Hat Enterprise Linux versions 7 through 10, this critical pre-authentication vulnerability (CVSS 9.8) requires no credentials and executes code before any authentication checks occur. EPSS data not available; no confirmed active exploitation (CISA KEV) at time of analysis, though the pre-authentication nature and command injection vector present severe risk for internet-exposed Cockpit instances.

Remote code execution in File Browser versions 2.0.0 through 2.63.1 allows authenticated administrators to execute arbitrary OS commands via malicious filenames. The vulnerability stems from unsanitized variable substitution in the hook system, which processes file events (upload, rename, delete) using administrator-defined shell commands. Attackers with file write permissions can inject shell metacharacters into filenames that trigger command execution when hooks fire. No public exploit identified at time of analysis, though EPSS data not provided. The vulnerable feature has been disabled by default from v2.33.8 onwards as a mitigation measure.

Command injection in NSA Emissary P2P workflow engine (versions prior to 8.39.0) allows authenticated remote administrators to execute arbitrary shell commands through unsanitized PLACE_NAME parameter values. The Executrix utility class passes configuration-derived values directly to /bin/sh -c with only space-to-underscore sanitization, enabling shell metacharacters (semicolons, pipes, backticks) to trigger command execution. CVSS 7.2 (High) reflects network accessibility with low attack complexity, though exploitation requires high-privilege administrator credentials (PR:H). No public exploit code identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available in version 8.39.0 per GitHub security advisory.

Shell command injection in Emissary workflow engine below version 8.39.0 allows high-privileged attackers with repository write access to execute arbitrary commands via GitHub Actions workflow_dispatch inputs. Attackers exploit unsanitized ${{ }} expression syntax in workflow files to inject malicious shell commands, enabling repository poisoning and supply chain attacks affecting downstream users. CVSS 9.1 (Critical) with Changed scope indicates potential to compromise beyond the vulnerable component. No public exploit code or CISA KEV listing identified at time of analysis, though exploitation requires only repository write access with low attack complexity.

Remote code execution in Pi-hole FTL engine versions 6.0 through 6.5 allows authenticated attackers to execute arbitrary system commands by injecting malicious dnsmasq configuration directives through newline characters in the DHCP hosts configuration parameter. Exploitation requires low-complexity network access with low-level authentication (CVSS 8.8, AV:N/AC:L/PR:L). No public exploit identified at time of analysis, though the vulnerability's straightforward injection mechanism and the popularity of Pi-hole as a DNS/DHCP solution elevate practical risk for environments with multiple administrative users or compromised credentials.

Remote code execution in Pi-hole FTL engine versions 6.0 through 6.5 allows authenticated attackers to inject arbitrary dnsmasq configuration directives via newline character injection in the DHCP lease time parameter (dhcp.leaseTime), leading to command execution on the underlying system. Affects the FTLDNS component that provides Pi-hole's interactive API and web statistics. No public exploit identified at time of analysis, though exploitation requires only low-complexity attack methods with network access and low-privilege authentication (CVSS 8.8).

Remote code execution in Pi-hole FTL 6.0 through 6.5 allows authenticated attackers to execute arbitrary commands via newline injection in DNS host record configuration. The vulnerability exploits improper input sanitization in the dns.hostRecord parameter, enabling injection of malicious dnsmasq directives that execute at the system level. With CVSS 8.8 (network-accessible, low complexity, requires low-privilege authentication), this represents a critical risk for Pi-hole deployments where administrative access controls are weak. No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated users.

Remote code execution in Pi-hole FTL DNS engine versions 6.0 through 6.5 allows authenticated attackers to execute arbitrary system commands by injecting malicious dnsmasq configuration directives through newline characters in the DNS CNAME records parameter (dns.cnameRecords). Authentication requirements confirmed (CVSS PR:L - low privileges required). Publicly available exploit code exists. CVSS 8.8 with network attack vector and low complexity indicates high exploitability once authenticated access is obtained.

Remote code execution in Pi-hole FTL engine versions 6.0 through 6.5 allows authenticated attackers with low privileges to execute arbitrary system commands by injecting newline-delimited dnsmasq configuration directives into the upstream DNS servers parameter (dns.upstreams). The vulnerability requires network access with authentication (CVSS:3.1 PR:L) but has low attack complexity and no user interaction required. No public exploit identified at time of analysis, though technical details are available in the GitHub Security Advisory.

OS command injection in Nokia MantaRay NM Log Search application allows authenticated adjacent network attackers to execute arbitrary OS commands with high impact to confidentiality, integrity, and availability. The vulnerability affects versions prior to 25R1-NM due to improper neutralization of special elements in OS commands (CWE-77). CVSS score of 8.0 reflects high severity with low attack complexity requiring low-level authentication from adjacent network position. No public exploit identified at time of analysis, though command injection vulnerabilities are well-understood and relatively straightforward to exploit once access requirements are met.

OS command injection in Nokia MantaRay NM Symptom Collector application allows authenticated adjacent network attackers to execute arbitrary OS commands with high confidentiality, integrity, and availability impact. The vulnerability affects all versions prior to 25R1-NM and requires low-privilege authenticated access over adjacent network with low attack complexity. No public exploit identified at time of analysis, with EPSS exploitation probability at 0.06% (19th percentile), indicating relatively low observed real-world exploitation likelihood despite the high CVSS score.

Remote command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary OS commands via the firewallType parameter in the setFirewallType function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.9 with low confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is potentially actively exploited.

Remote command injection in Totolink A7100RU firmware version 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary OS commands by manipulating the enable parameter in the setRemoteCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a publicly available exploit and a CVSS 6.9 score reflecting remote network accessibility with low attack complexity. Real-world risk is elevated due to the presence of published exploit code and the direct path to command execution in a widely deployed home router model.

Remote code execution via OS command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated network attackers to execute arbitrary commands through the tz parameter in the setNtpCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the vulnerability carries a CVSS 6.9 score indicating moderate severity with low impact across confidentiality, integrity, and availability.

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setGameSpeedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists on GitHub (EPSS and KEV status not provided, but publicly available proof-of-concept increases immediate risk). Attack vector is network-based with low complexity requiring no user interaction or authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N).

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'provider' parameter in the setDdnsCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub POC) demonstrating practical exploitation. With CVSS 7.3 and network-accessible attack vector requiring no authentication or user interaction, this represents a significant risk to exposed devices, though no active exploitation confirmed by CISA KEV at time of analysis.

Remote command injection in AWS Research and Engineering Studio (RES) 2024.10 through 2025.12.01 allows authenticated users to execute arbitrary commands on cluster-manager EC2 instances through unsanitized input in the FileBrowser API. Vendor-released patch available (version 2026.03). No public exploit identified at time of analysis, though CVSS 7.7 reflects high impact if exploited by low-privileged authenticated users with network access.

Remote code execution as root in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 allows authenticated remote attackers to execute arbitrary OS commands via unsanitized input in virtual desktop session names. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78 command injection), enabling privilege escalation to root on virtual desktop hosts. Vendor-released patch available in version 2026.03. CVSS 8.7 (High) with network attack vector, low complexity, and low privileges required. No public exploit identified at time of analysis, though the technical details in GitHub issue #151 may facilitate weaponization.

OS command injection in Totolink A3300R firmware version 17.0.0cu.557_B20221024 allows authenticated local attackers to execute arbitrary commands via the stun_pass parameter in the vsetTr069Cfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 5.1 (medium severity) with CVSS:4.0/AV:A/AC:L/PR:L vector indicating adjacent network access and low authentication requirements. Publicly available exploit code exists, though active exploitation status (CISA KEV) is not confirmed.

OS command injection in Anthropic Claude Code CLI and Agent SDK for Python allows remote, unauthenticated attackers to execute arbitrary commands through unsanitized authentication helper parameters processed with shell=true. The vulnerability enables credential theft and environment variable exfiltration in CI/CD pipelines where these tools run with elevated automation privileges. Publicly available exploit code exists, creating immediate risk for organizations using these SDKs in automated workflows.

OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python enables arbitrary command execution via malicious file paths containing shell metacharacters. Local attackers can exploit POSIX shell command substitution within double-quoted strings to execute commands with user privileges. Publicly available exploit code exists. With CVSS 8.4 (High) and local attack vector requiring user interaction, this represents elevated risk in CI/CD pipelines and development environments where untrusted file paths may be processed.

OS command injection in Anthropic Claude Code CLI and Claude Agent SDK for Python allows local attackers to execute arbitrary commands by poisoning the TERMINAL environment variable with shell metacharacters. The vulnerability affects both normal CLI operations and deep-link handlers, enabling privilege escalation to the user context running the CLI. Publicly available exploit code exists. With CVSS 8.6 (High) severity, this presents significant risk in CI/CD pipelines and developer environments where environment variables may be attacker-controlled.

OS command injection in Totolink A7100RU firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary commands via manipulation of the mode parameter in the setScheduleCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists for this vulnerability, creating immediate risk for exposed devices.

Remote command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary OS commands via manipulation of the resetFlags parameter in the CsteSystem function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists for this vulnerability, which achieves a CVSS 6.9 score with low confidentiality, integrity, and availability impact across multiple scopes.

Unauthenticated remote code execution (RCE) at root level in Aperi'Solve <3.2.1 allows attackers to execute arbitrary commands via unsanitized password input in JPEG upload functionality. Attack requires no authentication (PR:N) and low complexity (AC:L), with CVSS 9.3 critical severity. Publicly available exploit code exists via GitHub advisory. Attackers gain full container compromise with potential pivot to PostgreSQL/Redis databases and, in misconfigured deployments with Docker socket mounts, possible host system takeover. EPSS data not provided, but given unauthenticated network-based vector and public disclosure with fix details, exploitation risk is substantial for exposed instances.

Remote command execution in UTT Aggressive 520W v3v1.7.7-180627 via the /goform/formReleaseConnect component allows authenticated attackers with high privileges to execute arbitrary system commands through a crafted string parameter, resulting in complete system compromise (confidentiality, integrity, and availability impact). No public exploit code or active exploitation has been confirmed at the time of analysis.

Remote command execution in UTT Aggressive HiPER 520W router firmware v1.7.7-180627 allows unauthenticated attackers to execute arbitrary system commands via crafted input to the /goform/formDia component. CVSS 9.8 severity indicates network-accessible, low-complexity exploitation requiring no authentication or user interaction. EPSS score of 0.04% (12th percentile) suggests currently low exploitation probability despite publicly available exploit code exists (GitHub POC). No vendor-released patch identified at time of analysis, presenting significant risk for exposed devices.

Arbitrary OS command execution in Vim prior to version 9.2.0276 occurs when users open maliciously crafted files containing modeline directives that bypass sandbox protections. The vulnerability exploits missing security flags on the complete, guitabtooltip, and printheader options, plus an unchecked mapset() function, enabling attackers to escape Vim's modeline sandbox and execute system commands. Publicly available exploit code exists. With EPSS data unavailable and no CISA KEV listing, real-world exploitation risk depends heavily on social engineering success, though the low attack complexity (CVSS AC:L) and no authentication requirement (PR:N) lower the barrier for opportunistic attacks against users who routinely open untrusted files.

OS command injection in OFFIS DCMTK's storescp utility (versions up to 3.7.0) allows unauthenticated remote attackers to execute arbitrary system commands via crafted DICOM network operations. The vulnerability resides in the executeOnReception and executeOnEndOfStudy functions within dcmnet/apps/storescp.cc. With a CVSS score of 7.3 and network attack vector requiring no authentication, this presents significant risk to medical imaging systems using vulnerable DCMTK versions. Vendor patch edbb085e45788dccaf0e64d71534cfca925784b8 is available; no public exploit identified at time of analysis.

Local command injection in ChrisChinchilla Vale-MCP up to version 0.1.0 allows authenticated local attackers to execute arbitrary OS commands via manipulation of the config_path argument in the HTTP Interface component (src/index.ts). The vulnerability requires local access and valid user privileges, with publicly available exploit code disclosed after vendor non-response, representing a moderate-risk issue in environments where the MCP tool is deployed with local user access.

OS command injection in Braffolk mcp-summarization-functions through version 0.1.5 allows local attackers with user-level privileges to execute arbitrary system commands by manipulating the command argument in the summarize_command function. The vulnerability affects the src/server/mcp-server.ts component and requires local access; publicly available exploit code exists, and the vendor has not responded to disclosure attempts.

OS command injection in elgentos magento2-dev-mcp up to version 1.0.2 allows local authenticated users to execute arbitrary system commands through the executeMagerun2Command function in src/index.ts. The vulnerability requires local access and valid user privileges but grants low-impact code execution capabilities. Publicly available exploit code exists, and vendor-released patch is available.

OS command injection in Nor2-io heim-mcp up to version 0.1.3 allows authenticated local attackers to execute arbitrary system commands via the registerTools function in src/tools.ts, affecting cloud deployment operations. Publicly available exploit code exists, and the vendor released a patched version promptly after disclosure.

OS command injection in Tenda AC10 firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to execute arbitrary system commands via the formAddMacfilterRule function in /bin/httpd. The vulnerability requires valid credentials (PR:L in CVSS vector) and affects multiple endpoints related to MAC filtering configuration. No public exploit code has been independently confirmed as actively exploited, though proof-of-concept documentation exists in public repositories.

Remote code execution in ScrapeGraphAI scrapegraph-ai up to version 1.74.0 allows unauthenticated remote attackers to inject arbitrary operating system commands via the create_sandbox_and_execute function in GenerateCodeNode Component, with publicly available exploit code and vendor non-response confirming active real-world risk.

OS command injection in MoussaabBadla code-screenshot-mcp HTTP interface (versions up to 0.1.0) allows authenticated remote attackers to execute arbitrary system commands with limited confidentiality, integrity, and availability impact. Public exploit code has been disclosed, and the vendor did not respond to early disclosure attempts, leaving affected deployments without vendor-provided patches.

Remote code execution in pyLoad download manager allows authenticated non-admin users with SETTINGS permission to execute arbitrary system commands via the AntiVirus plugin configuration. The vulnerability stems from incomplete enforcement of admin-only security controls: while core configuration options like reconnect scripts and SSL certificates require admin privileges, plugin configuration lacks this protection. Attackers can modify the AntiVirus plugin's executable path (avfile) parameter, which is directly passed to subprocess.Popen() without validation, achieving command execution when file downloads complete. CVSS 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No active exploitation confirmed (not in CISA KEV), but detailed proof-of-concept exists in the GitHub security advisory.