Skip to main content

Command Injection

7742 CVEs technique

Monthly

CVE-2026-35682 HIGH CISA Act Now

Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. No EPSS data or CISA KEV listing at time of analysis, but authentication requirement (PR:L) may limit mass exploitation while enabling insider threat scenarios.

Command Injection Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-21709 MEDIUM PATCH This Month

Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication 12.x and Software Appliance 13.x allows local administrators to load unsigned kernel drivers, potentially enabling persistent kernel-level compromise. The vulnerability requires high-level administrative privileges and is not actively exploited in the wild; however, EPSS scoring (0.01%) suggests this is a low-probability exploitation target despite the high CVSS score, indicating the attack scenario is constrained by strict privilege and configuration requirements.

Command Injection Microsoft Backup And Replication Software Appliance
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-41153 MEDIUM PATCH This Month

Command execution in JetBrains Junie before version 252.549.29 allows local attackers to execute arbitrary commands by crafting malicious project files, requiring user interaction to open the file. The vulnerability affects all Junie versions prior to the patched release and exploits unsafe handling of project file content without proper sanitization.

Command Injection Junie
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-35073 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 and specific LTS releases (8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.60) contain an OS command injection vulnerability (CWE-78) that allows high-privileged local attackers to execute arbitrary commands with root privileges. The vulnerability stems from improper neutralization of special elements in OS commands, with a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact but constrained by local access and high privilege requirements.

Dell Command Injection
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35074 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0, LTS2025 releases 8.3.1.0-8.3.1.20, and LTS2024 releases 7.13.1.0-7.13.1.60 allow local high-privileged attackers to execute arbitrary OS commands with root privileges via improper neutralization of special elements in command construction (OS command injection). No public exploit code or active exploitation has been identified at the time of analysis, but the vulnerability affects critical backup and disaster recovery infrastructure with direct root access potential.

Dell Command Injection
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-35072 MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allow OS command injection via improper neutralization of special elements in OS commands. A high-privileged local attacker can execute arbitrary commands with root privileges by exploiting this vulnerability, enabling complete system compromise.

Dell Command Injection
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-6483 HIGH POC PATCH This Week

OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.

Command Injection Wl Wn530H4
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-23779 MEDIUM PATCH This Month

Command injection in Dell PowerProtect Data Domain allows high-privileged local attackers to execute arbitrary commands and gain root-level access across Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. The vulnerability requires local access and elevated privileges (PR:H), limiting exploitation scope to authenticated administrative users with shell or console access. No public exploit or active exploitation has been identified at the time of analysis.

Dell Command Injection
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-23778 HIGH PATCH This Week

Command injection in Dell PowerProtect Data Domain DD OS versions 7.7.1.0-8.5 (Feature), 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) enables authenticated administrators with remote access to execute arbitrary commands as root. Dell DSA-2026-060 confirms patches in DD OS 8.6.0.0, 8.3.1.30, and 7.13.1.50. EPSS score of 0.05% (15th percentile) suggests low widespread exploitation risk despite network attack vector; no public exploit identified, CVSS 7.2 reflects high-privilege requirement limiting attack surface to compromised admin accounts or insider threats.

Dell Command Injection
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-21719 HIGH This Week

Authenticated OS command injection in CubeCart prior to version 6.6.0 allows administrators to execute arbitrary system commands on the hosting server. Reported by JPCERT, this vulnerability requires high-privilege (admin) access but then permits full system compromise. CVSS 8.6 severity reflects low attack complexity from network position once admin credentials obtained. EPSS exploitation probability is low (0.18%, 40th percentile) with no active exploitation confirmed in CISA KEV or SSVC data, though POC status unknown. CubeCart 6.6.0 addresses this CWE-78 command injection flaw per vendor community announcement.

Command Injection Cubecart
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-41113 HIGH PATCH This Week

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-40933 npm CRITICAL PATCH GHSA Act Now

### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. ### Details The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in http://localhost:3000/canvas - where any user can add a new MCP, when doing so - adding a new MCP using stdio, the user can add any command, even though your code have input sanitization checks such as validateCommandInjection and validateArgsForLocalFileAccess, and a list of predefined specific safe commands - these commands, for example "npx" can be combined with code execution arguments ("-c touch /tmp/pwn") that enable direct code execution on the underlying OS. https://github.com/FlowiseAI/Flowise/blob/d848baeb6bd9737a1e7fc912349c45fbdcc7bb38/packages/components/nodes/tools/MCP/core.ts#L223 https://github.com/FlowiseAI/Flowise/blob/d848baeb6bd9737a1e7fc912349c45fbdcc7bb38/packages/components/nodes/tools/MCP/core.ts#L177 https://github.com/FlowiseAI/Flowise/blob/d848baeb6bd9737a1e7fc912349c45fbdcc7bb38/packages/components/nodes/tools/MCP/core.ts#L269 ### PoC Create a new Custom MCP and add an "npx -c" command. ``` { "command": "npx", "args": [ "-c", "touch /tmp/pwn" ] } ``` <img width="358" height="628" alt="Screenshot 2026-01-12 at 18 32 37" src="https://github.com/user-attachments/assets/d95c1ae2-23a7-4afe-b586-722003baf50e" /> ### Impact This is an authenticated arbitrary command execution due to unsanitized input, even though the input is sanitized, more protections should be added in order to close ways for attackers to execute arbitrary commands.

Command Injection RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-41015 HIGH PATCH This Week

Command injection in radare2's rabin2 PDB parser allows local attackers to execute arbitrary commands when the tool is compiled without SSL support on UNIX systems. The vulnerability (CWE-78) affected a narrow window between commits 01ca2f6 and 9236f44 (post-6.1.2, pre-6.1.3), spanning less than one week in the development timeline. CVSS 7.4 (HIGH) reflects local attack vector with high complexity but no authentication required. No active exploitation confirmed (not in CISA KEV), though publicly available exploit code exists. EPSS data not provided. Fixed in commit 9236f44a28 per GitHub PR #25651.

Command Injection Suse
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-6349 CRITICAL PATCH Act Now

OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). Vendor-released patch available per Taiwan CERT (TWCERT) advisory. CVSS 4.0 score of 10.0 reflects maximum severity with network attack vector, no authentication required, and high impact to all CIA triad properties including scope change. No public exploit identified at time of analysis.

Command Injection Isherlock Base 4 5 Isherlock Audit 4 5 Isherlock Base 5 5 Isherlock Audit 5 5
NVD VulDB
CVSS 4.0
9.3
EPSS
0.9%
CVE-2026-40502 HIGH PATCH This Week

Remote command injection in OpenHarness gateway handler allows authenticated remote chat users to execute administrative commands like /permissions full_auto without authorization, escalating privileges to modify security controls of running instances. Vulnerability exploits insufficient command validation in chat interface. Fixed in commit dd1d235. CVSS 8.7 (High) with network attack vector and low complexity. EPSS data unavailable; not listed in CISA KEV. VulnCheck advisory and GitHub patch available.

Authentication Bypass Command Injection Openharness
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-20136 MEDIUM This Month

A vulnerability in the&nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.

Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
6.0
EPSS
0.1%
CVE-2026-20186 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20147 CRITICAL NEWS Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-40499 HIGH POC PATCH This Week

Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process maliciously crafted PE/PDB files containing newline bytes in section header names. Attack requires local file access and user interaction (opening the file with radare2's idp command). Publicly available exploit exists with EPSS score of 0.07% (22nd percentile), indicating low likelihood of mass exploitation but significant risk for targeted attacks against reverse engineers and malware analysts who routinely examine untrusted binaries.

Command Injection Radare2
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2024-53412 Go HIGH GHSA This Week

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-30461 HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE N A
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-30625 PyPI CRITICAL PATCH GHSA Act Now

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.

Command Injection RCE Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-30617 HIGH This Week

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the LangChain-ChatChat service.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-30616 HIGH This Week

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results in arbitrary command execution within the context of the Jaaz service, potentially allowing full compromise of the affected system.

Command Injection RCE
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-30624 HIGH This Week

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Command Injection RCE
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-30615 HIGH This Week

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registration of a malicious MCP STDIO server, resulting in execution of arbitrary commands without further user interaction. Successful exploitation may allow attackers to execute commands on behalf of the user, persist malicious MCP configuration changes, and access sensitive information exposed through the application.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-39842 Maven CRITICAL PATCH GHSA Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple Docker Deserialization +5
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33414 Go MEDIUM PATCH GHSA This Month

Command injection in Podman's HyperV machine backend allows local administrators with high privileges to execute arbitrary PowerShell commands at SYSTEM level on Windows hosts by crafting a malicious VM image path containing PowerShell subexpression syntax. The vulnerability affects Podman v4 and v5 on Windows only; a vendor patch is available via commit 571c842.

Command Injection RCE Microsoft
NVD GitHub VulDB
CVSS 4.0
4.0
EPSS
0.0%
CVE-2026-35196 HIGH PATCH This Week

OS command injection in Chamilo LMS prior to 2.0.0-RC.3 allows authenticated attackers to execute arbitrary system commands via session poisoning of the course ID parameter. Attackers with low-privilege accounts can manipulate the $_SESSION['_cid'] variable to inject shell metacharacters into shell_exec() calls in the gradebook certificate export functionality, achieving full system compromise. CVSS 8.8 (High) with network attack vector and low complexity. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub advisory. EPSS data not available for this recent CVE.

PHP Command Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24893 HIGH PATCH This Week

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host management permissions to execute arbitrary OS commands on the monitoring backend via command injection in host address fields. The vulnerability stems from unsanitized user input being expanded into Nagios/Icinga monitoring command templates and executed via shell, enabling full system compromise. CVSS score of 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed CVE.

Command Injection RCE Openitcockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-40176 PHP HIGH PATCH GHSA This Week

Command injection in Composer's Perforce integration allows arbitrary code execution when processing malicious composer.json files. Attackers controlling VCS repository configuration can inject shell commands via unsanitized Perforce connection parameters (port, user, client), which execute even without Perforce installed. CVSS 7.8 (High) with local attack vector requiring user interaction. Affects Composer versions before 2.2.27 and 2.9.6. Exploitation requires victim to run Composer commands on attacker-controlled project root composer.json, limiting scope to supply chain or social engineering scenarios. No KEV listing or public POC identified at time of analysis, but exploitation barrier is low once malicious config is introduced.

Command Injection
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40261 PHP HIGH PATCH GHSA This Week

Command injection in Composer's Perforce integration allows remote code execution when installing packages from malicious repositories. The vulnerability exists in versions before 2.2.27 and 2.9.6, affecting all users who install dependencies from source (--prefer-source or dev versions) regardless of whether Perforce is installed. Attackers can inject shell commands through crafted source references or connection parameters in package metadata served by compromised Composer repositories. CVSS 8.8 (High) with network attack vector, low complexity, and no authentication required (though user interaction is needed). No confirmed active exploitation (CISA KEV), but publicly available exploit code exists per GitHub advisory disclosure.

Command Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-32183 HIGH PATCH Exploit Unlikely This Week

Command injection in Windows Snipping Tool allows local code execution when an unauthorized attacker convinces a user to open a specially crafted file. This vulnerability affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025), requiring user interaction but no authentication (PR:N). No public exploit identified at time of analysis, though the local attack vector and user interaction requirement limit immediate remote threat. CVSS 7.8 reflects high impact ac

Command Injection Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-23653 MEDIUM PATCH Exploit Unlikely This Month

Command injection in GitHub Copilot Chat Extension for Visual Studio Code allows authenticated attackers with user interaction to disclose sensitive information over a network. The vulnerability affects CoPilot Chat Extension versions before 0.37.3 and requires an authorized user to interact with a crafted prompt or input. Microsoft has released a patched version (0.37.3) to remediate this CWE-77 command injection flaw.

Command Injection Microsoft Visual Studio Code Copilot Chat Extension
NVD VulDB
CVSS 3.1
5.7
EPSS
0.1%
CVE-2026-39808 CRITICAL POC KEV THREAT NEWS Emergency

OS command injection in Fortinet FortiSandbox 4.4.0-4.4.8 and FortiSandbox PaaS versions 21.3-23.4 enables remote unauthenticated attackers to execute arbitrary system commands with complete system compromise. CVSS 9.8 (network, low complexity, no privileges) but EPSS 0.29% (53rd percentile) suggests limited real-world exploitation observed despite maximum severity score. No active exploitation confirmed (not in CISA KEV). SSVC framework classifies as automatable with total technical impact but no known exploitation. Fortinet PSIRT advisory FG-IR-26-100 available but description incomplete (missing attack vector specifics).

Fortinet Command Injection Fortisandbox Fortisandbox Paas
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.3%
Threat
5.0
CVE-2026-40288 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary command and code execution in PraisonAI's workflow engine (versions <4.5.139) and praisonaiagents (<1.5.140) allows remote unauthenticated attackers to execute shell commands and Python code through malicious YAML workflow files. The vulnerability stems from unsafe processing of 'run:', 'script:', and 'python:' directives in job-type workflows without validation or sandboxing. With a critical CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interac

RCE Command Injection Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4786 HIGH PATCH This Week

Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted URLs containing '%action' patterns. All CPython versions prior to 3.15.0 are affected, allowing local attackers with user interaction to execute arbitrary commands through underlying shell injection. EPSS probability is low (0.02%, 5th percentile), no active exploitation confirmed (not in CISA KEV), but publicly available patches exist via multiple GitHub commits. The incomplete mitigation highlights the challenge of securing browser-handling code across diverse browser implementations.

Command Injection Cpython
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-22563 CRITICAL PATCH Act Now

Critical command injection in Ubiquiti UniFi Play PowerAmp and Audio Port allows remote unauthenticated attackers to execute arbitrary commands with network access to the device management interface. Affects PowerAmp versions ≤1.0.35 and Audio Port versions ≤1.0.24. CVSS 9.8 critical severity reflects network-accessible attack with no authentication barriers. EPSS score of 0.08% (24th percentile) suggests low immediate exploitation probability despite critical scoring. Vendor-released patches av

Command Injection Ubiquiti
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-6219 LOW POC Monitor

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

Command Injection Ytdownloader
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-6195 HIGH POC This Week

Command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary operating system commands via the admpass parameter in the setPasswordCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (CVSS 8.9, EPSS 0.89% / 76th percentile, SSVC: POC/automatable/total impact). Not listed in CISA KEV; real-world exploitation status unconfirmed beyond POC publication.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-35582 Maven HIGH PATCH GHSA This Week

Shell command injection in NSA Emissary's Executrix.getCommand() allows authenticated users with place configuration authorship to achieve arbitrary OS command execution when any payload is processed. The framework constructs /bin/sh -c commands by directly substituting IN_FILE_ENDING and OUT_FILE_ENDING configuration values into temporary file paths without escaping or validation, despite implementing input sanitization for similar parameters (placeName). Vendor-released patch available (commit 1faf33f). CVSS 8.8 (high) reflects local attack vector requiring low privileges, but scope change to C indicates container/JVM breakout potential. No CISA KEV listing or public exploit identified at time of analysis, though detailed proof-of-concept exists in advisory including Docker-based reproduction and unit test.

Denial Of Service Command Injection Docker Java Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28291 npm HIGH PATCH GHSA This Week

Command injection in simple-git npm package versions ≤3.28.0 enables arbitrary code execution via crafted Git options. Attackers who control Git command options can bypass the allowUnsafePack safety restriction using malformed variations of the -u flag (e.g., -vu, -4u, --u) to execute shell commands on Linux systems. This vulnerability stems from an incomplete fix for CVE-2022-25860, with proof-of-concept code publicly available demonstrating file creation via touch command. EPSS data not provid

Command Injection Docker Microsoft
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-34188 HIGH This Week

OS command injection in Pandora FMS versions 777 through 800 enables high-privileged remote attackers to execute arbitrary operating system commands through the Event Response execution functionality. While requiring administrative credentials (PR:H), successful exploitation grants extensive system access with high confidentiality and integrity impact. No public exploit identified at time of analysis, though the specific attack vector through Event Response features provides a clear exploitation pathway for authenticated administrators or compromised admin accounts.

Command Injection Pandora Fms
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2026-30809 HIGH This Week

OS command injection in Pandora FMS versions 777 through 800 allows authenticated remote attackers to execute arbitrary system commands via the WebServerModuleDebug component. With low attack complexity and no user interaction required, attackers with low-level privileges can achieve high confidentiality and integrity impact on the vulnerable system, plus limited impact on connected systems (CVSS 8.7). No public exploit identified at time of analysis, though the vulnerability has medium remediation effort according to CVSS 4.0 metadata.

Command Injection Pandora Fms
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-30806 HIGH This Week

OS command injection in Pandora FMS versions 777 through 800 allows authenticated remote attackers to execute arbitrary system commands via the Network Report functionality. The vulnerability stems from improper input sanitization of special elements used in OS commands. With CVSS 8.7 (HIGH) severity and network-accessible attack vector requiring only low privileges, this poses significant risk to monitoring infrastructure despite no confirmed active exploitation (not in CISA KEV) or public exploit code at time of analysis.

Command Injection Pandora Fms
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-6204 PHP HIGH POC PATCH GHSA This Week

Remote code execution in LibreNMS network monitoring platform (versions prior to 26.3.0) allows authenticated administrators to execute arbitrary commands on the underlying web server by manipulating Binary Locations configuration settings combined with the Netcommand feature. This authenticated attack requires administrative privileges but has publicly available exploit code, enabling straightforward weaponization. CVSS 8.5 severity reflects high confidentiality and integrity impact with network-based attack vector and low complexity.

Command Injection RCE Librenms
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-6158 MEDIUM POC This Month

Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execute arbitrary OS commands via command injection in the FileName parameter of the setUpgradeUboot function in upgrade.so. Publicly available exploit code exists for this vulnerability, which carries a CVSS 6.9 score reflecting network-accessible attack vector with low complexity and no authentication requirements.

Command Injection N300Rh
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
2.4%
CVE-2026-6156 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the Comment parameter in the setIpQosRules function exposed through /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with network attack vector, low complexity, and no privileges required. Publicly available exploit code exists (GitHub POC published), significantly lowering the exploitation barrier for opportunistic attackers targeting vulnerable devices.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6155 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313 allows unauthenticated remote attackers to execute arbitrary system commands via the pppoeServiceName parameter in the setWanCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub POC), enabling trivial remote compromise with high impact on confidentiality, integrity, and availability. CVSS 8.9 (Critical) with network attack vector, low complexity, and no authentication required. SOHO router vulnerabilities like this are commonly targeted for botnet recruitment and lateral network movement.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6154 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted wizard parameters to the setWizardCfg CGI function. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier to exploitation. The CVSS 4.0 score of 8.9 reflects network-accessible attack vector with no authentication or user interaction required, enabling full compromise of router confidentiality, integrity, and availability.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6141 LOW PATCH Monitor

OS command injection in danielmiessler Personal_AI_Infrastructure up to version 2.3.0 allows authenticated remote attackers to execute arbitrary system commands via a malicious URL parameter in the parse_url.ts parser tool. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor released a patched version promptly after disclosure.

Command Injection Personal Ai Infrastructure
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-6140 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted FileName parameter to the UploadFirmwareFile function in /cgi-bin/cstecgi.cgi. CVSS 9.8 (Critical) with network attack vector, no privileges required, and complete system compromise possible. Publicly available exploit code exists (GitHub POC). No vendor-released patch identified at time of analysis. EPSS data not provided, but combination of critical CVSS, unauthenticated remote vector, and public exploit indicates high real-world exploitation risk.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6139 HIGH POC This Week

OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the FileName parameter in UploadOpenVpnCert function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (POC on GitHub), enabling trivial exploitation with no authentication required. CVSS 9.8 (Critical) reflects network-based attack vector with low complexity and no privileges needed. No vendor-released patch identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6138 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via a crafted MAC address parameter to the setAccessDeviceCfg function in /cgi-bin/cstecgi.cgi. CVSS 9.8 (Critical) with publicly available exploit code on GitHub. No authentication, low complexity, network-exploitable. EPSS and KEV data not available, but public POC significantly lowers exploitation barrier for opportunistic attacks against internet-exposed router management interfaces.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-29955 HIGH This Week

The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.

Command Injection RCE Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6132 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setLedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (GitHub), making this vulnerability immediately weaponizable with CVSS 9.8 (Critical). EPSS data not available, but no CISA KEV listing indicates no confirmed widespread exploitation despite POC availability.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6131 HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the setTracerouteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists on GitHub, significantly lowering the attack barrier. CVSS 9.8 (Critical) with network vector, low complexity, and no authentication required indicates maximum exploitability. While not confirmed in CISA KEV, the public POC makes this an immediate patching priority for affected devices.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6130 MEDIUM POC This Month

OS command injection in chatboxai chatbox up to version 1.20.0 allows remote attackers to execute arbitrary system commands by manipulating the args/env parameters in the StdioClientTransport component of the Model Context Protocol Server Management System. The vulnerability has a publicly available proof-of-concept exploit and affects the IPC stdio transport mechanism that handles subprocess spawning without proper input sanitization. While the vendor was notified early, no patch has been released as of the analysis date.

Command Injection Chatbox
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-6118 LOW POC Monitor

Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to execute arbitrary system commands via the command parameter. Versions up to 4.22.1 are affected. The vulnerability is publicly disclosed with exploit code available on GitHub, and the vendor has not released a patch despite early notification.

Command Injection Astrbot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-6116 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted requests to the /cgi-bin/cstecgi.cgi endpoint. The vulnerability resides in the setDiagnosisCfg function's insufficient validation of the 'ip' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 9.8 (Critical) reflects network-accessible, low-complexity attack requiring no authentication. No vendor-released patch identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6115 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware (version 7.4cu.2313_b20191024) allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setAppCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing indicates targeted campaigns have not been observed at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6114 HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the 'proto' parameter in setNetworkCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, significantly lowering the exploitation barrier. CVSS 9.8 (Critical) reflects network-accessible attack requiring no authentication or user interaction.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6113 HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the ttyEnable parameter in the setTtyServiceCfg function of /cgi-bin/cstecgi.cgi. Public exploit code is available (GitHub POC published). CVSS 9.8 critical severity with network vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis, representing immediate risk to internet-facing devices.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6112 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the CGI interface. The setRadvdCfg function in /cgi-bin/cstecgi.cgi fails to sanitize the maxRtrAdvInterval parameter, enabling command injection through crafted HTTP requests. Publicly available exploit code exists on GitHub, significantly lowering exploitation barriers. CVSS 9.8 critical rating reflects network-accessible attack vector with no authentication or user interaction required, enabling full system compromise.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6108 LOW POC Monitor

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary operating system commands through manipulation of the Model Context Protocol Node's execute function in base_mcp_node.py, with publicly available exploit code and vendor-released patches available for remediation.

Command Injection Maxkb
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-4157 HIGH This Week

Remote code execution via command injection in ChargePoint Home Flex electric vehicle charging stations allows unauthenticated network-adjacent attackers to execute arbitrary commands as root. The vulnerability resides in the revssh service's handling of OCPP (Open Charge Point Protocol) messages, where unsanitized user-supplied strings are passed directly to system calls. No authentication is required, but the attacker must be on the same network segment as the charging device. No public exploit identified at time of analysis.

RCE Command Injection Home Flex
NVD VulDB
CVSS 3.0
7.5
EPSS
0.2%
CVE-2026-5059 PyPI CRITICAL GHSA Act Now

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via command injection in the allowed commands list handler. The vulnerability stems from improper validation of user-supplied strings before system call execution, enabling attackers to run code in the MCP server context with no authentication required. EPSS score of 1.01% (77th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis.

RCE Command Injection Aws Mcp Server
NVD VulDB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-5058 CRITICAL Act Now

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via improper validation of the allowed commands list. The command injection flaw (CWE-78) enables system call execution without authentication barriers. With a CVSS score of 9.8 (critical severity) and EPSS probability of 1.01% (77th percentile), this represents a high-severity vulnerability with moderate real-world exploitation likelihood. No public exploit identified at time of analysis, and no active exploitation confirmed.

RCE Command Injection Aws Mcp Server
NVD VulDB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-32892 CRITICAL PATCH Act Now

OS command injection in Chamilo LMS 1.x (prior to 1.11.38) and 2.0.0-RC.x (prior to RC.3) allows authenticated teacher-role users to execute arbitrary system commands via unsanitized file path parameters. The move() function in fileManage.lib.php concatenates user-controlled move_to POST values directly into exec() shell commands without proper escaping. Any authenticated user can exploit this by creating a course (enabled by default), uploading a directory with shell metacharacters via Course Backup Import, then moving a document to trigger command execution as www-data. No public exploit identified at time of analysis.

PHP Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-6029 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the User parameter in setVpnAccountCfg function at /cgi-bin/cstecgi.cgi endpoint. CVSS 9.8 critical severity with publicly available exploit code documented on GitHub. No authentication, low complexity, network-accessible attack vector enables full system compromise with high confidentiality, integrity, and availability impact.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6028 HIGH POC This Week

Remote unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables complete system compromise. Attackers exploit the setPptpServerCfg function in /cgi-bin/cstecgi.cgi CGI handler by injecting malicious commands through the 'enable' parameter. CVSS 9.8 critical severity reflects network-accessible attack requiring no privileges or user interaction. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers seeking router takeover, data exfiltration, or network pivoting.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6027 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction, granting complete device compromise with potential for lateral network movement. Publicly available exploit code exists (GitHub POC). CVSS 9.8 severity reflects network-accessible attack vector with no privilege requirements.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6026 HIGH POC This Week

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands. The vulnerability resides in the setPortalConfWeChat function within /cgi-bin/cstecgi.cgi, exploitable by manipulating the 'enable' parameter. CVSS 9.8 severity reflects network-accessible attack vector requiring no authentication or user interaction, with full system compromise potential. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers targeting vulnerable router deployments.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-6025 HIGH POC This Week

Remote unauthenticated OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows arbitrary command execution via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Attackers exploit the 'enable' parameter without authentication to achieve full system compromise. CVSS 9.8 critical severity reflects network accessibility, no complexity barriers, and complete confidentiality/integrity/availability impact. Publicly available exploit code exists, significantly lowering attack barrier for opportunistic scanning campaigns targeting consumer routers.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5997 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the admpass parameter in setLoginPasswordCfg function of /cgi-bin/cstecgi.cgi. Network-accessible with no user interaction required. Publicly available exploit code exists. CVSS 9.8 critical severity reflects complete system compromise potential.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5996 HIGH POC This Week

OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the tty_server parameter in the setAdvancedInfoShow function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity reflects network-accessible exploitation requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can achieve full system compromise including data exfiltration, configuration tampering, and denial of service against affected routers.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5995 HIGH POC This Week

OS command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via malicious lan_info parameter to setMiniuiHomeInfoShow function in /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. Publicly available exploit code exists. Complete compromise of confidentiality, integrity, and availability achievable through CGI handler manipulation.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5994 HIGH POC This Week

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 via unauthenticated manipulation of telnet_enabled parameter in setTelnetCfg function. Critical CVSS 9.8 score reflects network-accessible attack requiring no authentication or user interaction, enabling full system compromise. Publicly available exploit code exists. Impacts router confidentiality, integrity, and availability with potential for complete device takeover and lateral network movement.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5993 HIGH POC This Week

Unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows remote attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiGuestCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Successful exploitation enables complete device compromise with high impact to confidentiality, integrity, and availability.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-33791 HIGH PATCH This Week

Command injection in Juniper Networks Junos OS and Junos OS Evolved CLI processing allows high-privileged local attackers to execute arbitrary shell commands as root through crafted 'set system' arguments, enabling complete system compromise. Affects all versions before multiple fixed releases across both operating systems. Authentication required (high-privileged local access). No public exploit identified at time of analysis.

Juniper Command Injection
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-21915 HIGH PATCH This Week

Command injection in Juniper Networks Support Insights Virtual Lightweight Collector (JSI vLWC) CLI enables local high-privileged attackers to escalate privileges to root. Inadequate input validation in the CLI menu permits shell command injection, with injected commands executing at root level. All JSI vLWC versions before 3.0.94 affected. CVSS 8.4 (High severity, local vector). Requires high-level existing privileges (PR:H). No public exploit identified at time of analysis.

Juniper Command Injection Jsi Lwc
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-40111 PyPI CRITICAL PATCH GHSA Act Now

Command injection in PraisonAIAgents memory hooks executor allows authenticated local attackers to execute arbitrary shell commands through unsanitized user input passed to subprocess.run() with shell=True. Affects versions prior to 1.5.128. Two attack vectors exist: direct exploitation via hook configuration (pre_run_command/post_run_command) and automated exploitation through .praisonai/hooks.json lifecycle hooks (BEFORE_TOOL/AFTER_TOOL). Agent prompt injection enables persistent compromise by overwriting hooks.json, executing payloads silently at every lifecycle event without user interaction. No public exploit identified at time of analysis.

Command Injection Praisonaiagents
NVD GitHub
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-5978 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'mode' parameter in the setWiFiAclRules function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists. Attackers can achieve complete device compromise with high impact to confidentiality, integrity, and availability of the router. No authentication required for exploitation (CVSS PR:N).

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5977 HIGH POC This Week

Remote OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi. This vulnerability enables complete device compromise with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists. No CISA KEV listing identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5976 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted sambaEnabled parameter in setStorageCfg function of /cgi-bin/cstecgi.cgi CGI handler. Publicly available exploit code exists. Network-reachable attack vector requires no user interaction, enabling full system compromise of affected routers.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5975 HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the wanIdx parameter in the setDmzCfg function within /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with attack complexity low, no privileges required, and no user interaction. Publicly available exploit code exists. Exploitation enables complete compromise of device confidentiality, integrity, and availability with total technical impact.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.9%
CVE-2026-5974 PyPI MEDIUM PATCH GHSA This Month

Remote command injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated network attackers to execute arbitrary OS commands via the Bash.run function in metagpt/tools/libs/terminal.py. The vulnerability has a CVSS score of 6.9 with network-accessible attack vector and low complexity, and matches CISA SSVC criteria for partial technical impact with automatable exploitation; a proof-of-concept exists but no confirmed active exploitation has been reported.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2026-5973 PyPI MEDIUM POC PATCH GHSA This Month

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/utils/common.py allows unauthenticated attackers to execute arbitrary OS commands over the network with low complexity. Publicly available exploit code exists, and a patch pull request has been submitted but not yet merged by the vendor, creating an active vulnerability window for deployed instances.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5972 PyPI MEDIUM POC PATCH This Month

Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary OS commands via improper input validation in the Terminal.run_command function. The vulnerability exploits command injection in metagpt/tools/libs/terminal.py and has publicly available exploit code; patch commit d04ffc8dc67903e8b327f78ec121df5e190ffc7b is available from the vendor.

Command Injection Metagpt
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-5854 HIGH POC This Week

OS command injection in Totolink A7100RU router 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'merge' parameter in setWiFiEasyCfg function within /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity. Publicly available exploit code exists. Attack requires no authentication or user interaction, enabling complete system compromise including data exfiltration, configuration tampering, and denial of service.

Command Injection A7100Ru
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH Act Now

Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. No EPSS data or CISA KEV listing at time of analysis, but authentication requirement (PR:L) may limit mass exploitation while enabling insider threat scenarios.

Command Injection Anviz Cx2 Lite Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Bypass of Windows Driver Signature Enforcement in Veeam Backup and Replication 12.x and Software Appliance 13.x allows local administrators to load unsigned kernel drivers, potentially enabling persistent kernel-level compromise. The vulnerability requires high-level administrative privileges and is not actively exploited in the wild; however, EPSS scoring (0.01%) suggests this is a low-probability exploitation target despite the high CVSS score, indicating the attack scenario is constrained by strict privilege and configuration requirements.

Command Injection Microsoft Backup And Replication +1
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Command execution in JetBrains Junie before version 252.549.29 allows local attackers to execute arbitrary commands by crafting malicious project files, requiring user interaction to open the file. The vulnerability affects all Junie versions prior to the patched release and exploits unsafe handling of project file content without proper sanitization.

Command Injection Junie
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 and specific LTS releases (8.3.1.0-8.3.1.20, 7.13.1.0-7.13.1.60) contain an OS command injection vulnerability (CWE-78) that allows high-privileged local attackers to execute arbitrary commands with root privileges. The vulnerability stems from improper neutralization of special elements in OS commands, with a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact but constrained by local access and high privilege requirements.

Dell Command Injection
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0, LTS2025 releases 8.3.1.0-8.3.1.20, and LTS2024 releases 7.13.1.0-7.13.1.60 allow local high-privileged attackers to execute arbitrary OS commands with root privileges via improper neutralization of special elements in command construction (OS command injection). No public exploit code or active exploitation has been identified at the time of analysis, but the vulnerability affects critical backup and disaster recovery infrastructure with direct root access potential.

Dell Command Injection
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerProtect Data Domain versions 7.7.1.0-8.7.0.0, LTS2025 8.3.1.0-8.3.1.20, and LTS2024 7.13.1.0-7.13.1.60 allow OS command injection via improper neutralization of special elements in OS commands. A high-privileged local attacker can execute arbitrary commands with root privileges by exploiting this vulnerability, enabling complete system compromise.

Dell Command Injection
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

OS command injection in Wavlink WL-WN530H4 router's internet.cgi endpoint allows authenticated attackers with high privileges to execute arbitrary system commands remotely. The vulnerability, affecting firmware version 20220721, resides in unsafe use of strcat/snprintf functions handling user input. Public exploit code exists (EPSS risk elevated by POC availability), though exploitation requires administrative credentials (PR:H), limiting automated mass exploitation. Vendor-released firmware patch 2026.04.16 available.

Command Injection Wl Wn530H4
NVD VulDB GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Command injection in Dell PowerProtect Data Domain allows high-privileged local attackers to execute arbitrary commands and gain root-level access across Feature Release versions 7.7.1.0-8.5, LTS2025 versions 8.3.1.0-8.3.1.20, and LTS2024 versions 7.13.1.0-7.13.1.50. The vulnerability requires local access and elevated privileges (PR:H), limiting exploitation scope to authenticated administrative users with shell or console access. No public exploit or active exploitation has been identified at the time of analysis.

Dell Command Injection
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Command injection in Dell PowerProtect Data Domain DD OS versions 7.7.1.0-8.5 (Feature), 8.3.1.0-8.3.1.20 (LTS2025), and 7.13.1.0-7.13.1.50 (LTS2024) enables authenticated administrators with remote access to execute arbitrary commands as root. Dell DSA-2026-060 confirms patches in DD OS 8.6.0.0, 8.3.1.30, and 7.13.1.50. EPSS score of 0.05% (15th percentile) suggests low widespread exploitation risk despite network attack vector; no public exploit identified, CVSS 7.2 reflects high-privilege requirement limiting attack surface to compromised admin accounts or insider threats.

Dell Command Injection
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Authenticated OS command injection in CubeCart prior to version 6.6.0 allows administrators to execute arbitrary system commands on the hosting server. Reported by JPCERT, this vulnerability requires high-privilege (admin) access but then permits full system compromise. CVSS 8.6 severity reflects low attack complexity from network position once admin credentials obtained. EPSS exploitation probability is low (0.18%, 40th percentile) with no active exploitation confirmed in CISA KEV or SSVC data, though POC status unknown. CubeCart 6.6.0 addresses this CWE-78 command injection flaw per vendor community announcement.

Command Injection Cubecart
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

Command Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

### Summary Due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. ### Details The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in http://localhost:3000/canvas - where any user can add a new MCP, when doing so - adding a new MCP using stdio, the user can add any command, even though your code have input sanitization checks such as validateCommandInjection and validateArgsForLocalFileAccess, and a list of predefined specific safe commands - these commands, for example "npx" can be combined with code execution arguments ("-c touch /tmp/pwn") that enable direct code execution on the underlying OS. https://github.com/FlowiseAI/Flowise/blob/d848baeb6bd9737a1e7fc912349c45fbdcc7bb38/packages/components/nodes/tools/MCP/core.ts#L223 https://github.com/FlowiseAI/Flowise/blob/d848baeb6bd9737a1e7fc912349c45fbdcc7bb38/packages/components/nodes/tools/MCP/core.ts#L177 https://github.com/FlowiseAI/Flowise/blob/d848baeb6bd9737a1e7fc912349c45fbdcc7bb38/packages/components/nodes/tools/MCP/core.ts#L269 ### PoC Create a new Custom MCP and add an "npx -c" command. ``` { "command": "npx", "args": [ "-c", "touch /tmp/pwn" ] } ``` <img width="358" height="628" alt="Screenshot 2026-01-12 at 18 32 37" src="https://github.com/user-attachments/assets/d95c1ae2-23a7-4afe-b586-722003baf50e" /> ### Impact This is an authenticated arbitrary command execution due to unsanitized input, even though the input is sanitized, more protections should be added in order to close ways for attackers to execute arbitrary commands.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Command injection in radare2's rabin2 PDB parser allows local attackers to execute arbitrary commands when the tool is compiled without SSL support on UNIX systems. The vulnerability (CWE-78) affected a narrow window between commits 01ca2f6 and 9236f44 (post-6.1.2, pre-6.1.3), spanning less than one week in the development timeline. CVSS 7.4 (HIGH) reflects local attack vector with high complexity but no authentication required. No active exploitation confirmed (not in CISA KEV), though publicly available exploit code exists. EPSS data not provided. Fixed in commit 9236f44a28 per GitHub PR #25651.

Command Injection Suse
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

OS Command Injection in HGiga iSherlock-base and iSherlock-audit versions 4.5 and 5.5 allows remote unauthenticated attackers to execute arbitrary operating system commands on the server with full system privileges. All four product variants (iSherlock-base-4.5, iSherlock-audit-4.5, iSherlock-base-5.5, iSherlock-audit-5.5) are affected in versions below build 476 (base) and 261 (audit). Vendor-released patch available per Taiwan CERT (TWCERT) advisory. CVSS 4.0 score of 10.0 reflects maximum severity with network attack vector, no authentication required, and high impact to all CIA triad properties including scope change. No public exploit identified at time of analysis.

Command Injection Isherlock Base 4 5 Isherlock Audit 4 5 +2
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote command injection in OpenHarness gateway handler allows authenticated remote chat users to execute administrative commands like /permissions full_auto without authorization, escalating privileges to modify security controls of running instances. Vulnerability exploits insufficient command validation in chat interface. Fixed in commit dd1d235. CVSS 8.7 (High) with network attack vector and low complexity. EPSS data unavailable; not listed in CISA KEV. VulnCheck advisory and GitHub patch available.

Authentication Bypass Command Injection Openharness
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the&nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.

Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection +2
NVD VulDB
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

Command injection in radare2's PDB parser (versions <6.1.4) enables arbitrary command execution when analysts process maliciously crafted PE/PDB files containing newline bytes in section header names. Attack requires local file access and user interaction (opening the file with radare2's idp command). Publicly available exploit exists with EPSS score of 0.07% (22nd percentile), indicating low likelihood of mass exploitation but significant risk for targeted attacks against reverse engineers and malware analysts who routinely examine untrusted binaries.

Command Injection Radare2
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

PHP Command Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.

Command Injection RCE Node.js
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the LangChain-ChatChat service.

Command Injection RCE
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results in arbitrary command execution within the context of the Jaaz service, potentially allowing full compromise of the affected system.

Command Injection RCE
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Command Injection RCE
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registration of a malicious MCP STDIO server, resulting in execution of arbitrary commands without further user interaction. Successful exploitation may allow attackers to execute commands on behalf of the user, persist malicious MCP configuration changes, and access sensitive information exposed through the application.

Command Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c

Information Disclosure RCE Apple +7
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Command injection in Podman's HyperV machine backend allows local administrators with high privileges to execute arbitrary PowerShell commands at SYSTEM level on Windows hosts by crafting a malicious VM image path containing PowerShell subexpression syntax. The vulnerability affects Podman v4 and v5 on Windows only; a vendor patch is available via commit 571c842.

Command Injection RCE Microsoft
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command injection in Chamilo LMS prior to 2.0.0-RC.3 allows authenticated attackers to execute arbitrary system commands via session poisoning of the course ID parameter. Attackers with low-privilege accounts can manipulate the $_SESSION['_cid'] variable to inject shell metacharacters into shell_exec() calls in the gradebook certificate export functionality, achieving full system compromise. CVSS 8.8 (High) with network attack vector and low complexity. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub advisory. EPSS data not available for this recent CVE.

PHP Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host management permissions to execute arbitrary OS commands on the monitoring backend via command injection in host address fields. The vulnerability stems from unsanitized user input being expanded into Nagios/Icinga monitoring command templates and executed via shell, enabling full system compromise. CVSS score of 8.8 reflects network-accessible attack with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed CVE.

Command Injection RCE Openitcockpit
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Command injection in Composer's Perforce integration allows arbitrary code execution when processing malicious composer.json files. Attackers controlling VCS repository configuration can inject shell commands via unsanitized Perforce connection parameters (port, user, client), which execute even without Perforce installed. CVSS 7.8 (High) with local attack vector requiring user interaction. Affects Composer versions before 2.2.27 and 2.9.6. Exploitation requires victim to run Composer commands on attacker-controlled project root composer.json, limiting scope to supply chain or social engineering scenarios. No KEV listing or public POC identified at time of analysis, but exploitation barrier is low once malicious config is introduced.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection in Composer's Perforce integration allows remote code execution when installing packages from malicious repositories. The vulnerability exists in versions before 2.2.27 and 2.9.6, affecting all users who install dependencies from source (--prefer-source or dev versions) regardless of whether Perforce is installed. Attackers can inject shell commands through crafted source references or connection parameters in package metadata served by compromised Composer repositories. CVSS 8.8 (High) with network attack vector, low complexity, and no authentication required (though user interaction is needed). No confirmed active exploitation (CISA KEV), but publicly available exploit code exists per GitHub advisory disclosure.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Command injection in Windows Snipping Tool allows local code execution when an unauthorized attacker convinces a user to open a specially crafted file. This vulnerability affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025), requiring user interaction but no authentication (PR:N). No public exploit identified at time of analysis, though the local attack vector and user interaction requirement limit immediate remote threat. CVSS 7.8 reflects high impact ac

Command Injection Microsoft
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH Exploit Unlikely This Month

Command injection in GitHub Copilot Chat Extension for Visual Studio Code allows authenticated attackers with user interaction to disclose sensitive information over a network. The vulnerability affects CoPilot Chat Extension versions before 0.37.3 and requires an authorized user to interact with a crafted prompt or input. Microsoft has released a patched version (0.37.3) to remediate this CWE-77 command injection flaw.

Command Injection Microsoft Visual Studio Code Copilot Chat Extension
NVD VulDB
EPSS 0% 5.0 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

OS command injection in Fortinet FortiSandbox 4.4.0-4.4.8 and FortiSandbox PaaS versions 21.3-23.4 enables remote unauthenticated attackers to execute arbitrary system commands with complete system compromise. CVSS 9.8 (network, low complexity, no privileges) but EPSS 0.29% (53rd percentile) suggests limited real-world exploitation observed despite maximum severity score. No active exploitation confirmed (not in CISA KEV). SSVC framework classifies as automatable with total technical impact but no known exploitation. Fortinet PSIRT advisory FG-IR-26-100 available but description incomplete (missing attack vector specifics).

Fortinet Command Injection Fortisandbox +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary command and code execution in PraisonAI's workflow engine (versions <4.5.139) and praisonaiagents (<1.5.140) allows remote unauthenticated attackers to execute shell commands and Python code through malicious YAML workflow files. The vulnerability stems from unsafe processing of 'run:', 'script:', and 'python:' directives in job-type workflows without validation or sandboxing. With a critical CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interac

RCE Command Injection Python
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted URLs containing '%action' patterns. All CPython versions prior to 3.15.0 are affected, allowing local attackers with user interaction to execute arbitrary commands through underlying shell injection. EPSS probability is low (0.02%, 5th percentile), no active exploitation confirmed (not in CISA KEV), but publicly available patches exist via multiple GitHub commits. The incomplete mitigation highlights the challenge of securing browser-handling code across diverse browser implementations.

Command Injection Cpython
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Critical command injection in Ubiquiti UniFi Play PowerAmp and Audio Port allows remote unauthenticated attackers to execute arbitrary commands with network access to the device management interface. Affects PowerAmp versions ≤1.0.35 and Audio Port versions ≤1.0.24. CVSS 9.8 critical severity reflects network-accessible attack with no authentication barriers. EPSS score of 0.08% (24th percentile) suggests low immediate exploitation probability despite critical scoring. Vendor-released patches av

Command Injection Ubiquiti
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

Command Injection Ytdownloader
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary operating system commands via the admpass parameter in the setPasswordCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (CVSS 8.9, EPSS 0.89% / 76th percentile, SSVC: POC/automatable/total impact). Not listed in CISA KEV; real-world exploitation status unconfirmed beyond POC publication.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Shell command injection in NSA Emissary's Executrix.getCommand() allows authenticated users with place configuration authorship to achieve arbitrary OS command execution when any payload is processed. The framework constructs /bin/sh -c commands by directly substituting IN_FILE_ENDING and OUT_FILE_ENDING configuration values into temporary file paths without escaping or validation, despite implementing input sanitization for similar parameters (placeName). Vendor-released patch available (commit 1faf33f). CVSS 8.8 (high) reflects local attack vector requiring low privileges, but scope change to C indicates container/JVM breakout potential. No CISA KEV listing or public exploit identified at time of analysis, though detailed proof-of-concept exists in advisory including Docker-based reproduction and unit test.

Denial Of Service Command Injection Docker +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Command injection in simple-git npm package versions ≤3.28.0 enables arbitrary code execution via crafted Git options. Attackers who control Git command options can bypass the allowUnsafePack safety restriction using malformed variations of the -u flag (e.g., -vu, -4u, --u) to execute shell commands on Linux systems. This vulnerability stems from an incomplete fix for CVE-2022-25860, with proof-of-concept code publicly available demonstrating file creation via touch command. EPSS data not provid

Command Injection Docker Microsoft
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

OS command injection in Pandora FMS versions 777 through 800 enables high-privileged remote attackers to execute arbitrary operating system commands through the Event Response execution functionality. While requiring administrative credentials (PR:H), successful exploitation grants extensive system access with high confidentiality and integrity impact. No public exploit identified at time of analysis, though the specific attack vector through Event Response features provides a clear exploitation pathway for authenticated administrators or compromised admin accounts.

Command Injection Pandora Fms
NVD
EPSS 0% CVSS 8.7
HIGH This Week

OS command injection in Pandora FMS versions 777 through 800 allows authenticated remote attackers to execute arbitrary system commands via the WebServerModuleDebug component. With low attack complexity and no user interaction required, attackers with low-level privileges can achieve high confidentiality and integrity impact on the vulnerable system, plus limited impact on connected systems (CVSS 8.7). No public exploit identified at time of analysis, though the vulnerability has medium remediation effort according to CVSS 4.0 metadata.

Command Injection Pandora Fms
NVD
EPSS 1% CVSS 8.7
HIGH This Week

OS command injection in Pandora FMS versions 777 through 800 allows authenticated remote attackers to execute arbitrary system commands via the Network Report functionality. The vulnerability stems from improper input sanitization of special elements used in OS commands. With CVSS 8.7 (HIGH) severity and network-accessible attack vector requiring only low privileges, this poses significant risk to monitoring infrastructure despite no confirmed active exploitation (not in CISA KEV) or public exploit code at time of analysis.

Command Injection Pandora Fms
NVD
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Remote code execution in LibreNMS network monitoring platform (versions prior to 26.3.0) allows authenticated administrators to execute arbitrary commands on the underlying web server by manipulating Binary Locations configuration settings combined with the Netcommand feature. This authenticated attack requires administrative privileges but has publicly available exploit code, enabling straightforward weaponization. CVSS 8.5 severity reflects high confidentiality and integrity impact with network-based attack vector and low complexity.

Command Injection RCE Librenms
NVD GitHub VulDB
EPSS 2% CVSS 5.5
MEDIUM POC This Month

Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execute arbitrary OS commands via command injection in the FileName parameter of the setUpgradeUboot function in upgrade.so. Publicly available exploit code exists for this vulnerability, which carries a CVSS 6.9 score reflecting network-accessible attack vector with low complexity and no authentication requirements.

Command Injection N300Rh
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the Comment parameter in the setIpQosRules function exposed through /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with network attack vector, low complexity, and no privileges required. Publicly available exploit code exists (GitHub POC published), significantly lowering the exploitation barrier for opportunistic attackers targeting vulnerable devices.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313 allows unauthenticated remote attackers to execute arbitrary system commands via the pppoeServiceName parameter in the setWanCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub POC), enabling trivial remote compromise with high impact on confidentiality, integrity, and availability. CVSS 8.9 (Critical) with network attack vector, low complexity, and no authentication required. SOHO router vulnerabilities like this are commonly targeted for botnet recruitment and lateral network movement.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted wizard parameters to the setWizardCfg CGI function. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier to exploitation. The CVSS 4.0 score of 8.9 reflects network-accessible attack vector with no authentication or user interaction required, enabling full compromise of router confidentiality, integrity, and availability.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW PATCH Monitor

OS command injection in danielmiessler Personal_AI_Infrastructure up to version 2.3.0 allows authenticated remote attackers to execute arbitrary system commands via a malicious URL parameter in the parse_url.ts parser tool. The vulnerability requires low-privilege authentication and has publicly available exploit code; the vendor released a patched version promptly after disclosure.

Command Injection Personal Ai Infrastructure
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted FileName parameter to the UploadFirmwareFile function in /cgi-bin/cstecgi.cgi. CVSS 9.8 (Critical) with network attack vector, no privileges required, and complete system compromise possible. Publicly available exploit code exists (GitHub POC). No vendor-released patch identified at time of analysis. EPSS data not provided, but combination of critical CVSS, unauthenticated remote vector, and public exploit indicates high real-world exploitation risk.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the FileName parameter in UploadOpenVpnCert function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (POC on GitHub), enabling trivial exploitation with no authentication required. CVSS 9.8 (Critical) reflects network-based attack vector with low complexity and no privileges needed. No vendor-released patch identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via a crafted MAC address parameter to the setAccessDeviceCfg function in /cgi-bin/cstecgi.cgi. CVSS 9.8 (Critical) with publicly available exploit code on GitHub. No authentication, low complexity, network-exploitable. EPSS and KEV data not available, but public POC significantly lowers exploitation barrier for opportunistic attacks against internet-exposed router management interfaces.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.

Command Injection RCE Code Injection
NVD GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setLedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (GitHub), making this vulnerability immediately weaponizable with CVSS 9.8 (Critical). EPSS data not available, but no CISA KEV listing indicates no confirmed widespread exploitation despite POC availability.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the setTracerouteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists on GitHub, significantly lowering the attack barrier. CVSS 9.8 (Critical) with network vector, low complexity, and no authentication required indicates maximum exploitability. While not confirmed in CISA KEV, the public POC makes this an immediate patching priority for affected devices.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

OS command injection in chatboxai chatbox up to version 1.20.0 allows remote attackers to execute arbitrary system commands by manipulating the args/env parameters in the StdioClientTransport component of the Model Context Protocol Server Management System. The vulnerability has a publicly available proof-of-concept exploit and affects the IPC stdio transport mechanism that handles subprocess spawning without proper input sanitization. While the vendor was notified early, no patch has been released as of the analysis date.

Command Injection Chatbox
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to execute arbitrary system commands via the command parameter. Versions up to 4.22.1 are affected. The vulnerability is publicly disclosed with exploit code available on GitHub, and the vendor has not released a patch despite early notification.

Command Injection Astrbot
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted requests to the /cgi-bin/cstecgi.cgi endpoint. The vulnerability resides in the setDiagnosisCfg function's insufficient validation of the 'ip' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 9.8 (Critical) reflects network-accessible, low-complexity attack requiring no authentication. No vendor-released patch identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware (version 7.4cu.2313_b20191024) allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setAppCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing indicates targeted campaigns have not been observed at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the 'proto' parameter in setNetworkCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, significantly lowering the exploitation barrier. CVSS 9.8 (Critical) reflects network-accessible attack requiring no authentication or user interaction.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the ttyEnable parameter in the setTtyServiceCfg function of /cgi-bin/cstecgi.cgi. Public exploit code is available (GitHub POC published). CVSS 9.8 critical severity with network vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis, representing immediate risk to internet-facing devices.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the CGI interface. The setRadvdCfg function in /cgi-bin/cstecgi.cgi fails to sanitize the maxRtrAdvInterval parameter, enabling command injection through crafted HTTP requests. Publicly available exploit code exists on GitHub, significantly lowering exploitation barriers. CVSS 9.8 critical rating reflects network-accessible attack vector with no authentication or user interaction required, enabling full system compromise.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary operating system commands through manipulation of the Model Context Protocol Node's execute function in base_mcp_node.py, with publicly available exploit code and vendor-released patches available for remediation.

Command Injection Maxkb
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote code execution via command injection in ChargePoint Home Flex electric vehicle charging stations allows unauthenticated network-adjacent attackers to execute arbitrary commands as root. The vulnerability resides in the revssh service's handling of OCPP (Open Charge Point Protocol) messages, where unsanitized user-supplied strings are passed directly to system calls. No authentication is required, but the attacker must be on the same network segment as the charging device. No public exploit identified at time of analysis.

RCE Command Injection Home Flex
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via command injection in the allowed commands list handler. The vulnerability stems from improper validation of user-supplied strings before system call execution, enabling attackers to run code in the MCP server context with no authentication required. EPSS score of 1.01% (77th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis.

RCE Command Injection Aws Mcp Server
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote code execution in aws-mcp-server 1.3.0 allows unauthenticated attackers to execute arbitrary commands via improper validation of the allowed commands list. The command injection flaw (CWE-78) enables system call execution without authentication barriers. With a CVSS score of 9.8 (critical severity) and EPSS probability of 1.01% (77th percentile), this represents a high-severity vulnerability with moderate real-world exploitation likelihood. No public exploit identified at time of analysis, and no active exploitation confirmed.

RCE Command Injection Aws Mcp Server
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

OS command injection in Chamilo LMS 1.x (prior to 1.11.38) and 2.0.0-RC.x (prior to RC.3) allows authenticated teacher-role users to execute arbitrary system commands via unsanitized file path parameters. The move() function in fileManage.lib.php concatenates user-controlled move_to POST values directly into exec() shell commands without proper escaping. Any authenticated user can exploit this by creating a course (enabled by default), uploading a directory with shell metacharacters via Course Backup Import, then moving a document to trigger command execution as www-data. No public exploit identified at time of analysis.

PHP Command Injection
NVD GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the User parameter in setVpnAccountCfg function at /cgi-bin/cstecgi.cgi endpoint. CVSS 9.8 critical severity with publicly available exploit code documented on GitHub. No authentication, low complexity, network-accessible attack vector enables full system compromise with high confidentiality, integrity, and availability impact.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Remote unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables complete system compromise. Attackers exploit the setPptpServerCfg function in /cgi-bin/cstecgi.cgi CGI handler by injecting malicious commands through the 'enable' parameter. CVSS 9.8 critical severity reflects network-accessible attack requiring no privileges or user interaction. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers seeking router takeover, data exfiltration, or network pivoting.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction, granting complete device compromise with potential for lateral network movement. Publicly available exploit code exists (GitHub POC). CVSS 9.8 severity reflects network-accessible attack vector with no privilege requirements.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands. The vulnerability resides in the setPortalConfWeChat function within /cgi-bin/cstecgi.cgi, exploitable by manipulating the 'enable' parameter. CVSS 9.8 severity reflects network-accessible attack vector requiring no authentication or user interaction, with full system compromise potential. Publicly available exploit code exists, significantly lowering exploitation barrier for remote attackers targeting vulnerable router deployments.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Remote unauthenticated OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows arbitrary command execution via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Attackers exploit the 'enable' parameter without authentication to achieve full system compromise. CVSS 9.8 critical severity reflects network accessibility, no complexity barriers, and complete confidentiality/integrity/availability impact. Publicly available exploit code exists, significantly lowering attack barrier for opportunistic scanning campaigns targeting consumer routers.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the admpass parameter in setLoginPasswordCfg function of /cgi-bin/cstecgi.cgi. Network-accessible with no user interaction required. Publicly available exploit code exists. CVSS 9.8 critical severity reflects complete system compromise potential.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the tty_server parameter in the setAdvancedInfoShow function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity reflects network-accessible exploitation requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can achieve full system compromise including data exfiltration, configuration tampering, and denial of service against affected routers.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via malicious lan_info parameter to setMiniuiHomeInfoShow function in /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector requiring no privileges or user interaction. Publicly available exploit code exists. Complete compromise of confidentiality, integrity, and availability achievable through CGI handler manipulation.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 via unauthenticated manipulation of telnet_enabled parameter in setTelnetCfg function. Critical CVSS 9.8 score reflects network-accessible attack requiring no authentication or user interaction, enabling full system compromise. Publicly available exploit code exists. Impacts router confidentiality, integrity, and availability with potential for complete device takeover and lateral network movement.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Unauthenticated OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows remote attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiGuestCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Successful exploitation enables complete device compromise with high impact to confidentiality, integrity, and availability.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Command injection in Juniper Networks Junos OS and Junos OS Evolved CLI processing allows high-privileged local attackers to execute arbitrary shell commands as root through crafted 'set system' arguments, enabling complete system compromise. Affects all versions before multiple fixed releases across both operating systems. Authentication required (high-privileged local access). No public exploit identified at time of analysis.

Juniper Command Injection
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Command injection in Juniper Networks Support Insights Virtual Lightweight Collector (JSI vLWC) CLI enables local high-privileged attackers to escalate privileges to root. Inadequate input validation in the CLI menu permits shell command injection, with injected commands executing at root level. All JSI vLWC versions before 3.0.94 affected. CVSS 8.4 (High severity, local vector). Requires high-level existing privileges (PR:H). No public exploit identified at time of analysis.

Juniper Command Injection Jsi Lwc
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Command injection in PraisonAIAgents memory hooks executor allows authenticated local attackers to execute arbitrary shell commands through unsanitized user input passed to subprocess.run() with shell=True. Affects versions prior to 1.5.128. Two attack vectors exist: direct exploitation via hook configuration (pre_run_command/post_run_command) and automated exploitation through .praisonai/hooks.json lifecycle hooks (BEFORE_TOOL/AFTER_TOOL). Agent prompt injection enables persistent compromise by overwriting hooks.json, executing payloads silently at every lifecycle event without user interaction. No public exploit identified at time of analysis.

Command Injection Praisonaiagents
NVD GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'mode' parameter in the setWiFiAclRules function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists. Attackers can achieve complete device compromise with high impact to confidentiality, integrity, and availability of the router. No authentication required for exploitation (CVSS PR:N).

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

Remote OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi. This vulnerability enables complete device compromise with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists. No CISA KEV listing identified at time of analysis.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via crafted sambaEnabled parameter in setStorageCfg function of /cgi-bin/cstecgi.cgi CGI handler. Publicly available exploit code exists. Network-reachable attack vector requires no user interaction, enabling full system compromise of affected routers.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the wanIdx parameter in the setDmzCfg function within /cgi-bin/cstecgi.cgi. CVSS 8.9 (Critical) with attack complexity low, no privileges required, and no user interaction. Publicly available exploit code exists. Exploitation enables complete compromise of device confidentiality, integrity, and availability with total technical impact.

Command Injection A7100Ru
NVD VulDB GitHub
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

Remote command injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated network attackers to execute arbitrary OS commands via the Bash.run function in metagpt/tools/libs/terminal.py. The vulnerability has a CVSS score of 6.9 with network-accessible attack vector and low complexity, and matches CISA SSVC criteria for partial technical impact with automatable exploitation; a proof-of-concept exists but no confirmed active exploitation has been reported.

Command Injection Metagpt
NVD VulDB GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/utils/common.py allows unauthenticated attackers to execute arbitrary OS commands over the network with low complexity. Publicly available exploit code exists, and a patch pull request has been submitted but not yet merged by the vendor, creating an active vulnerability window for deployed instances.

Command Injection Metagpt
NVD VulDB GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary OS commands via improper input validation in the Terminal.run_command function. The vulnerability exploits command injection in metagpt/tools/libs/terminal.py and has publicly available exploit code; patch commit d04ffc8dc67903e8b327f78ec121df5e190ffc7b is available from the vendor.

Command Injection Metagpt
NVD VulDB GitHub
EPSS 0% CVSS 8.9
HIGH POC This Week

OS command injection in Totolink A7100RU router 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'merge' parameter in setWiFiEasyCfg function within /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity. Publicly available exploit code exists. Attack requires no authentication or user interaction, enabling complete system compromise including data exfiltration, configuration tampering, and denial of service.

Command Injection A7100Ru
NVD VulDB GitHub
Prev Page 10 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy