Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2026-25817 HIGH This Week

HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.

RCE Command Injection Code Injection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-32260 Cargo HIGH PATCH This Week

Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.

Command Injection Deno Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-26793 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-3841 HIGH This Week

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.

Command Injection TP-Link
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2026-26795 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26792 CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26791 CRITICAL Act Now

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-28384 This Week

unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 versions up to 6.6 is affected by os command injection.

Command Injection
NVD GitHub VulDB
EPSS
0.1%
CVE-2026-3964 LOW Monitor

A weakness has been identified in OpenAkita versions up to 1.24.3. is affected by command injection (CVSS 5.3).

Command Injection
NVD VulDB
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-3959 LOW Monitor

Command injection in 0xKoda WireMCP's Tshark CLI command handler allows local attackers with user privileges to execute arbitrary operating system commands through the server.tool function in index.js. Public exploit code exists for this vulnerability, though no patch is currently available. The impact is limited to local attack scenarios with potential for unauthorized code execution and system compromise.

Command Injection
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-31975 npm CRITICAL PATCH Act Now

OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.

Command Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-31862 npm CRITICAL PATCH Act Now

Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.

Command Injection Cloud Cli
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-31854 HIGH This Week

Cursor is a code editor built for programming with AI. versions up to 2.0 is affected by os command injection.

Command Injection Cursor
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20163 HIGH This Week

Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.

Command Injection Splunk Splunk Cloud Platform
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-20040 HIGH This Week

Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability.

Cisco Apple Command Injection Ios Xr
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70082 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection RCE Eds3016Ps1Ns Firmware Eds3008Ps1Ns Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67041 CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection Eds3016Ps1Ns Firmware Eds3008Ps1Ns Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32063 npm HIGH PATCH This Week

OpenClaw versions prior to 2026.2.21 allow local attackers with limited privileges to inject arbitrary systemd directives through unvalidated environment variables in unit file generation, enabling command execution with gateway service privileges. By manipulating config.env.vars and triggering service installation or restart, an attacker can bypass Environment= line constraints via newline injection to achieve arbitrary code execution. No patch is currently available for this command injection vulnerability.

Command Injection Openclaw
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-3943 MEDIUM This Month

Command injection in H3C ACG1000-AK230 through the /webui/?aaa_portal_auth_local_submit endpoint allows unauthenticated remote attackers to execute arbitrary commands by manipulating the suffix parameter. Public exploit code exists for this vulnerability, which affects versions up to 20260227 with no patch currently available. The vulnerability carries a CVSS score of 7.3 and provides attackers with partial access to confidentiality, integrity, and availability.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2024-14026 HIGH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]

Qnap Command Injection Quts Hero Qts
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-23816 HIGH This Week

Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.

Command Injection RCE
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-23815 HIGH This Week

Authenticated administrators of AOS-CX Switches can inject arbitrary commands through a custom binary in the CLI, potentially compromising switch integrity and network operations. This high-privilege attack requires valid credentials and direct network access but carries no patch availability, leaving affected deployments at persistent risk.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-23814 HIGH This Week

Authenticated remote attackers can execute arbitrary commands through malformed parameters in AOS-CX CLI commands, achieving remote code execution with high integrity and confidentiality impact. The vulnerability affects low-privileged users on networked systems and requires no user interaction to exploit. No patch is currently available for this command injection flaw.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28292 npm CRITICAL POC PATCH GHSA Act Now

simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.

Node.js RCE Command Injection Simple Git
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-3854 HIGH POC This Week

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.

RCE Command Injection Enterprise Server
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-2339 HIGH This Week

TUBITAK BILGEM Software Technologies Research Institute Liderahenk is affected by missing authentication for critical function (CVSS 7.5).

Command Injection Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-25836 HIGH This Week

Fortinet FortiSandbox Cloud 5.0.4 contains an OS command injection vulnerability that allows privileged super-admin users with CLI access to execute arbitrary code through malicious HTTP requests. The vulnerability requires high privileges and direct access but carries high impact including confidentiality, integrity, and availability compromise. No patch is currently available.

Fortinet Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-25573 HIGH CISA Act Now

Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.

Command Injection Sicam Siapp Sdk
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-66178 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request. [CVSS 7.2 HIGH]

Fortinet Command Injection Fortiweb
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-41709 CRITICAL Act Now

A Siemens product has a command injection vulnerability enabling remote code execution.

Command Injection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26982 MEDIUM PATCH This Month

Ghostty terminal emulator allows control characters embedded in pasted or drag-and-dropped text to execute arbitrary commands in certain shell environments, requiring only user interaction to trigger. An attacker can craft malicious text with invisible control sequences that, when copied/pasted by a user, execute unintended commands with the user's privileges. No patch is currently available for this vulnerability.

Command Injection Ghostty Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-25041 npm HIGH PATCH This Week

Command injection in Budibase 3.23.22 and earlier allows authenticated attackers with high privileges to execute arbitrary system commands by injecting malicious values into PostgreSQL connection parameters that are unsanitized in shell command construction. An attacker with administrative access can exploit this vulnerability to gain complete control over the underlying server hosting the Budibase instance. No patch is currently available for this vulnerability.

PostgreSQL Command Injection Budibase
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-70039 CRITICAL Act Now

OS command injection in Linagora Twake v2023.Q1.1223 allows unauthenticated remote code execution.

Command Injection Twake
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-15568 HIGH This Week

Command injection in TP-Link Archer AXE75 router's web module allows authenticated adjacent-network attackers to execute arbitrary code with root privileges when configured in Access Point mode (sysmode=ap). Affects hardware versions v1.6 and v1.0 running firmware through 1.3.2 Build 20250107. EPSS score of 0.13% (32nd percentile) suggests limited observed exploitation attempts, and no public exploit code or CISA KEV listing identified at time of analysis. Attack requires high-privilege authentication and adjacent network position, limiting opportunistic exploitation but creating significant risk in environments with compromised or malicious insiders.

RCE Command Injection Archer Axe75 Firmware
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-3798 LOW POC Monitor

Command injection in Comfast CF-AC100 firmware via the ping_config request handler allows remote attackers with high privileges to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Command Injection Comfast Cf Ac100 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-3704 LOW POC Monitor

Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, which stems from an incomplete fix of a prior CVE. A patch is not currently available, though the vendor has been notified and indicated a fix is in development.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-3696 MEDIUM POC This Month

OS command injection in Totolink N300RH firmware allows unauthenticated remote attackers to execute arbitrary commands through the setWiFiWpsConfig function in the CGI handler. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict network access to the device's management interface until a fix is released.

Command Injection N300rh Firmware
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
1.4%
CVE-2026-3680 LOW Monitor

Command injection in RyuzakiShinji biome-mcp-server versions up to 1.0.0 allows authenticated remote attackers to execute arbitrary commands through manipulation of the biome-mcp-server.ts file. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be triggered remotely without user interaction.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-30861 Go CRITICAL POC PATCH Act Now

OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS 9.9 with scope change. PoC available.

RCE Command Injection AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-3662 LOW POC Monitor

Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the Pr_mode parameter in /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-3661 LOW POC Monitor

Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the model parameter in the OTA upgrade function. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-25070 CRITICAL Act Now

OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.

RCE Command Injection Zikestor Sks8310 8x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-30227 NuGet MEDIUM POC PATCH This Month

Mimekit versions up to 4.15.1 contains a vulnerability that allows attackers to embed \r\n into the SMTP envelope address local-part (when the local-part is a q (CVSS 5.3).

Command Injection Mimekit
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2026-29783 npm HIGH PATCH This Week

Arbitrary code execution in GitHub Copilot CLI versions <=0.0.422 allows attackers to bypass the agent's shell command safety classifier using bash parameter expansion operators (${var@P}, ${var=value}, ${!var}, and nested $(cmd)/<(cmd)). Attackers influencing agent inputs via prompt injection through repository files, MCP server responses, or user instructions can execute hidden commands disguised as read-only operations on the user's workstation. A detailed proof-of-concept is published in the GHSA advisory; EPSS is low (0.10%, 28th percentile) and the issue is not in CISA KEV, so no public exploit identified at time of analysis beyond the vendor-published PoC.

RCE Command Injection Copilot Command Line Interface
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.1%
CVE-2026-29058 PHP CRITICAL POC PATCH Act Now

Unauthenticated OS command injection in AVideo before 7.0.

Command Injection Avideo Encoder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-29042 Go CRITICAL POC PATCH Act Now

Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.

Command Injection AI / ML Nuclio Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-28507 PHP HIGH PATCH This Week

Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.

RCE Path Traversal Command Injection Known
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-3612 HIGH POC This Week

Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands through the firmware_url parameter in the OTA upgrade function, requiring only high-level privileges to trigger. Public exploit code exists for this vulnerability and no patch is currently available, making it an immediate risk for affected devices.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-28463 npm HIGH PATCH This Week

OpenClaw's exec-approvals feature validates command allowlists before shell expansion but fails to account for expansion during actual execution, enabling authorized users or attackers performing prompt injection to read arbitrary files through glob patterns and environment variables. This arbitrary file disclosure affects systems with host execution enabled in allowlist mode, potentially exposing sensitive data accessible to the gateway or node process. A patch is available to address this command injection vulnerability.

Command Injection Openclaw
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-28287 HIGH This Week

Unauthenticated command injection in FreePBX recordings module (versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4) allows authenticated attackers to execute arbitrary system commands with full system privileges. The vulnerability stems from improper input validation in the recordings functionality, enabling complete compromise of affected FreePBX installations. No patch is currently available.

Command Injection Freepbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28209 HIGH This Week

Unauthenticated command injection in FreePBX versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4 via the ElevenLabs Text-to-Speech integration allows authenticated users with high privileges to execute arbitrary system commands. The vulnerability exists in the recordings module and affects all installations using the vulnerable TTS engine. No patch is currently available, leaving affected systems at risk of full system compromise.

Command Injection AI / ML Freepbx
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-20008 MEDIUM This Month

Insufficient input sanitization in select CLI commands on Cisco Secure Firewall ASA and FTD Software allows authenticated local administrators to execute arbitrary code as root by injecting malicious Lua code. An attacker with valid administrator credentials can craft specially formatted parameters to achieve code execution with elevated privileges. No patch is currently available.

Cisco RCE Command Injection
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-26478 CRITICAL POC Act Now

Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.

Command Injection Tichome Mini Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-59783 HIGH This Week

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]

Command Injection Access Commander
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27441 CRITICAL Act Now

Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.

Command Injection Seppmail
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28774 HIGH POC This Week

Authenticated attackers can achieve remote code execution with root privileges on IDC SFX2100 satellite receiver devices through OS command injection in the web-based Traceroute diagnostic tool. By injecting shell metacharacters into the flags parameter, an attacker can execute arbitrary operating system commands on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available.

Command Injection Sfx2100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-28773 HIGH POC This Week

Authenticated attackers can execute arbitrary OS commands with root privileges on IDC SFX2100 satellite receivers through command injection in the web-based Ping utility, bypassing input filters by using alternate shell metacharacters like the pipe operator. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the web management interface and allows complete system compromise for any authenticated user.

Command Injection Sfx2100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-3485 CRITICAL POC Act Now

Command injection in D-Link DIR-868L via SSDP service. PoC available.

D-Link Command Injection Dir 868l Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-3484 npm MEDIUM POC PATCH This Month

Command injection in PhialsBasement nmap-mcp-server allows authenticated remote attackers to execute arbitrary system commands through the Nmap CLI Command Handler component due to improper input sanitization in child_process.exec. Public exploit code exists for this vulnerability, and affected users should apply the available patch to remediate the risk.

Command Injection Mcp Nmap Server
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-55022 HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-55020 CRITICAL Act Now

Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-67840 HIGH POC This Week

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]

RCE Command Injection Tranzman
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-63911 HIGH POC This Week

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]

Command Injection Tranzman
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-52365 HIGH This Week

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). [CVSS 7.8 HIGH]

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2256 PyPI MEDIUM POC This Month

ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.

Command Injection AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2026-0654 HIGH This Week

Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.

TP-Link Command Injection Deco Be25 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-24105 CRITICAL POC Act Now

Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.

Command Injection Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2026-24101 CRITICAL POC Act Now

Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.

Command Injection Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-50197 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50196 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-50195 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50194 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50193 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2026-24107 CRITICAL POC Act Now

Tenda W20E router has a code injection vulnerability in usbPartitionName parameter allowing unauthenticated remote code execution with EPSS 1.1%.

Command Injection W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-30044 CRITICAL Act Now

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-28517 CRITICAL POC PATCH Act Now

Remote code execution in openDCIM 23.04 allows unauthenticated attackers to execute arbitrary OS commands as the web server user by poisoning the 'dot' configuration parameter in the database, then triggering execution via report_network_map.php. Public exploit code exists with a documented SQL injection to command injection attack chain. EPSS score of 0.57% (68th percentile) suggests moderate but not widespread exploitation probability, though the publicly available weaponized exploit significantly elevates real-world risk for exposed instances.

PHP Command Injection Opendcim
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-28417 MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28409 CRITICAL POC Act Now

Critical RCE via OS command injection in WeGIA before 3.6.5. Unauthenticated attackers can execute arbitrary commands on the server. CVSS 10.0 with PoC available.

RCE Authentication Bypass Command Injection Wegia
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2026-21654 CRITICAL Act Now

OS command injection in Johnson Controls Frick Controls Quantum HD allows unauthenticated remote attackers to execute arbitrary commands on industrial refrigeration control systems. CVSS 9.8.

Command Injection Frick Controls Quantum Hd Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0980 Ruby HIGH PATCH This Week

Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.

Red Hat RCE Command Injection
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-3301 CRITICAL POC Act Now

Command injection in TOTOLINK N300RH router firmware 6.1c.1353 via setDiagnosisCfg handler. EPSS 4.0% with PoC available — high exploitation probability for consumer routers.

Command Injection N300rh Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2026-3037 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the MBird SMS service URL parameters processed during system setup. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro models, with no patch currently available. Exploitation requires high privilege access but carries high impact due to complete system compromise potential.

RCE Command Injection Xweb 500d Pro Firmware Xweb 500b Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25721 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the server username or password fields during restore operations via the API V1 endpoint. The vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges but could compromise the entire system. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25196 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into Wi-Fi SSID or password configuration fields. The vulnerability affects multiple Xweb Pro models (300d, 500b, 500d) and requires high privilege access to exploit, though successful exploitation grants complete system compromise across the network. No patch is currently available.

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25105 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the Modbus command tool parameters accessible through the debug route. The vulnerability affects Xweb 300d Pro, 500d Pro, and 500b Pro devices, with a CVSS score of 8.0 indicating high severity. No patch is currently available for this command injection flaw.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25037 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and prior allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads through crafted LCD state configurations that are processed during system initialization. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges to exploit, though the impact extends across connected systems. No patch is currently available for this high-severity vulnerability (CVSS 8.0).

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-24452 HIGH This Week

Remote code execution in Xweb Pro firmware (versions 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by uploading a malicious template file through the devices route. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro models, with no patch currently available. The high CVSS score of 8.0 reflects the severity of achieving code execution with administrative privileges on vulnerable devices.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500b Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-23702 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier (affecting Xweb 500b Pro, 500d Pro, and 300d Pro models) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the server username field during the import preconfiguration API action. An attacker with administrative privileges can exploit this OS command injection vulnerability to gain complete system compromise. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware Xweb 500d Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-20764 HIGH This Week

Authenticated attackers can execute arbitrary OS commands on Xweb Pro devices (versions 1.12.1 and earlier across 300d, 500b, and 500d models) by injecting malicious payloads into the hostname configuration parameter during system setup. This command injection vulnerability grants remote code execution with high privileges on affected systems. No patch is currently available, requiring organizations to implement network access controls or disable affected devices until remediation is released.

RCE Command Injection Xweb 500b Pro Firmware Xweb 500d Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-25195 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by submitting a malicious firmware update file through the update mechanism. The vulnerability affects multiple XWEB Pro models (300d, 500d, and 500b) and requires high-level privileges to exploit. No patch is currently available for this high-severity command injection flaw (CVSS 8.0).

RCE Command Injection Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

HMS Networks' industrial IoT gateways (Ewon Flexy and Cosy+) contain a command injection vulnerability that allows authenticated attackers to execute arbitrary OS commands remotely. This affects Flexy devices before firmware 15.0s4 and Cosy+ devices before 22.1s6 (22.x branch) or 23.0s3 (23.x branch). With a CVSS score of 8.8 but low EPSS of 0.06%, this vulnerability requires valid credentials but enables full system compromise.

RCE Command Injection Code Injection
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.

Command Injection Deno Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has a command injection in the set_config function, adding to the growing list of injection vulnerabilities in this device. This is the fourth distinct command injection CVE for this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH This Week

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.

Command Injection TP-Link
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 contains another command injection vulnerability, this time via the module parameter in the M.get_system_log function. Part of a series of command injection flaws in this router model.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 v4.3.11 has multiple command injection vulnerabilities in the set_upgrade function through seven different parameters. Each parameter provides an independent code execution vector on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

GL-iNet GL-AR300M16 router (v4.3.11) is vulnerable to command injection through the string port parameter in the enable_echo_server function. Unauthenticated attackers can execute arbitrary commands on the router.

Command Injection Ar300m16 Firmware
NVD GitHub VulDB
EPSS 0%
This Week

unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 versions up to 6.6 is affected by os command injection.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A weakness has been identified in OpenAkita versions up to 1.24.3. is affected by command injection (CVSS 5.3).

Command Injection
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Command injection in 0xKoda WireMCP's Tshark CLI command handler allows local attackers with user privileges to execute arbitrary operating system commands through the server.tool function in index.js. Public exploit code exists for this vulnerability, though no patch is currently available. The impact is limited to local attack scenarios with potential for unauthorized code execution and system compromise.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

OS command injection in Cloud CLI (Claude Code UI) before 1.25.0. EPSS 0.39%.

Command Injection Cloud Cli
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Command injection in Cloud CLI (Claude Code UI) Git operations before 1.24.0.

Command Injection Cloud Cli
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Cursor is a code editor built for programming with AI. versions up to 2.0 is affected by os command injection.

Command Injection Cursor
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.

Command Injection Splunk Splunk Cloud Platform
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability.

Cisco Apple Command Injection +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection RCE Eds3016Ps1Ns Firmware +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Command Injection Eds3016Ps1Ns Firmware Eds3008Ps1Ns Firmware
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

OpenClaw versions prior to 2026.2.21 allow local attackers with limited privileges to inject arbitrary systemd directives through unvalidated environment variables in unit file generation, enabling command execution with gateway service privileges. By manipulating config.env.vars and triggering service installation or restart, an attacker can bypass Environment= line constraints via newline injection to achieve arbitrary code execution. No patch is currently available for this command injection vulnerability.

Command Injection Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Command injection in H3C ACG1000-AK230 through the /webui/?aaa_portal_auth_local_submit endpoint allows unauthenticated remote attackers to execute arbitrary commands by manipulating the suffix parameter. Public exploit code exists for this vulnerability, which affects versions up to 20260227 with no patch currently available. The vulnerability carries a CVSS score of 7.3 and provides attackers with partial access to confidentiality, integrity, and availability.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. [CVSS 7.8 HIGH]

Qnap Command Injection Quts Hero +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated attackers can execute arbitrary OS commands on AOS-CX Switches through improper input validation in the CLI, potentially compromising network infrastructure. This command injection flaw (CWE-78) affects high-privileged users with network access and carries a CVSS score of 7.2, with no patch currently available.

Command Injection RCE
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated administrators of AOS-CX Switches can inject arbitrary commands through a custom binary in the CLI, potentially compromising switch integrity and network operations. This high-privilege attack requires valid credentials and direct network access but carries no patch availability, leaving affected deployments at persistent risk.

Command Injection
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote attackers can execute arbitrary commands through malformed parameters in AOS-CX CLI commands, achieving remote code execution with high integrity and confidentiality impact. The vulnerability affects low-privileged users on networked systems and requires no user interaction to exploit. No patch is currently available for this command injection flaw.

Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

simple-git Node.js library has a command injection vulnerability (EPSS with patch) enabling RCE when processing untrusted git operations.

Node.js RCE Command Injection +1
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.

RCE Command Injection Enterprise Server
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

TUBITAK BILGEM Software Technologies Research Institute Liderahenk is affected by missing authentication for critical function (CVSS 7.5).

Command Injection Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Fortinet FortiSandbox Cloud 5.0.4 contains an OS command injection vulnerability that allows privileged super-admin users with CLI access to execute arbitrary code through malicious HTTP requests. The vulnerability requires high privileges and direct access but carries high impact including confidentiality, integrity, and availability compromise. No patch is currently available.

Fortinet Command Injection
NVD
EPSS 0% CVSS 7.4
HIGH Act Now

Command injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell command construction and achieve arbitrary code execution with full system privileges. The vulnerability stems from insufficient input validation when building and executing system commands with user-supplied data. No patch is currently available, leaving all affected versions vulnerable to complete system compromise.

Command Injection Sicam Siapp Sdk
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request. [CVSS 7.2 HIGH]

Fortinet Command Injection Fortiweb
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A Siemens product has a command injection vulnerability enabling remote code execution.

Command Injection
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Ghostty terminal emulator allows control characters embedded in pasted or drag-and-dropped text to execute arbitrary commands in certain shell environments, requiring only user interaction to trigger. An attacker can craft malicious text with invisible control sequences that, when copied/pasted by a user, execute unintended commands with the user's privileges. No patch is currently available for this vulnerability.

Command Injection Ghostty Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Command injection in Budibase 3.23.22 and earlier allows authenticated attackers with high privileges to execute arbitrary system commands by injecting malicious values into PostgreSQL connection parameters that are unsanitized in shell command construction. An attacker with administrative access can exploit this vulnerability to gain complete control over the underlying server hosting the Budibase instance. No patch is currently available for this vulnerability.

PostgreSQL Command Injection Budibase
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

OS command injection in Linagora Twake v2023.Q1.1223 allows unauthenticated remote code execution.

Command Injection Twake
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Command injection in TP-Link Archer AXE75 router's web module allows authenticated adjacent-network attackers to execute arbitrary code with root privileges when configured in Access Point mode (sysmode=ap). Affects hardware versions v1.6 and v1.0 running firmware through 1.3.2 Build 20250107. EPSS score of 0.13% (32nd percentile) suggests limited observed exploitation attempts, and no public exploit code or CISA KEV listing identified at time of analysis. Attack requires high-privilege authentication and adjacent network position, limiting opportunistic exploitation but creating significant risk in environments with compromised or malicious insiders.

RCE Command Injection Archer Axe75 Firmware
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in Comfast CF-AC100 firmware via the ping_config request handler allows remote attackers with high privileges to execute arbitrary commands on affected devices. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

Command Injection Comfast Cf Ac100 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in Wavlink NU516U1 firmware's firewall CGI component allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, which stems from an incomplete fix of a prior CVE. A patch is not currently available, though the vendor has been notified and indicated a fix is in development.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

OS command injection in Totolink N300RH firmware allows unauthenticated remote attackers to execute arbitrary commands through the setWiFiWpsConfig function in the CGI handler. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict network access to the device's management interface until a fix is released.

Command Injection N300rh Firmware
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW Monitor

Command injection in RyuzakiShinji biome-mcp-server versions up to 1.0.0 allows authenticated remote attackers to execute arbitrary commands through manipulation of the biome-mcp-server.ts file. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be triggered remotely without user interaction.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS 9.9 with scope change. PoC available.

RCE Command Injection AI / ML +2
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the Pr_mode parameter in /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in Wavlink WL-NU516U1 firmware allows remote attackers with high privileges to execute arbitrary commands through the model parameter in the OTA upgrade function. Public exploit code exists for this vulnerability, and no patch is currently available. The impact is limited to confidentiality, integrity, and availability of the affected device.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

OS command injection in XikeStor SKS8310-8X network switch firmware 1.04.B07 and prior via management interface. Unauthenticated RCE on network infrastructure.

RCE Command Injection Zikestor Sks8310 8x Firmware
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Mimekit versions up to 4.15.1 contains a vulnerability that allows attackers to embed \r\n into the SMTP envelope address local-part (when the local-part is a q (CVSS 5.3).

Command Injection Mimekit
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary code execution in GitHub Copilot CLI versions <=0.0.422 allows attackers to bypass the agent's shell command safety classifier using bash parameter expansion operators (${var@P}, ${var=value}, ${!var}, and nested $(cmd)/<(cmd)). Attackers influencing agent inputs via prompt injection through repository files, MCP server responses, or user instructions can execute hidden commands disguised as read-only operations on the user's workstation. A detailed proof-of-concept is published in the GHSA advisory; EPSS is low (0.10%, 28th percentile) and the issue is not in CISA KEV, so no public exploit identified at time of analysis beyond the vendor-published PoC.

RCE Command Injection Copilot Command Line Interface
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Unauthenticated OS command injection in AVideo before 7.0.

Command Injection Avideo Encoder
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.

Command Injection AI / ML Nuclio +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.

RCE Path Traversal Command Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in Wavlink WL-NU516U1 firmware allows unauthenticated attackers to execute arbitrary commands through the firmware_url parameter in the OTA upgrade function, requiring only high-level privileges to trigger. Public exploit code exists for this vulnerability and no patch is currently available, making it an immediate risk for affected devices.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

OpenClaw's exec-approvals feature validates command allowlists before shell expansion but fails to account for expansion during actual execution, enabling authorized users or attackers performing prompt injection to read arbitrary files through glob patterns and environment variables. This arbitrary file disclosure affects systems with host execution enabled in allowlist mode, potentially exposing sensitive data accessible to the gateway or node process. A patch is available to address this command injection vulnerability.

Command Injection Openclaw
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated command injection in FreePBX recordings module (versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4) allows authenticated attackers to execute arbitrary system commands with full system privileges. The vulnerability stems from improper input validation in the recordings functionality, enabling complete compromise of affected FreePBX installations. No patch is currently available.

Command Injection Freepbx
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Unauthenticated command injection in FreePBX versions 16.0.17.2-16.0.19 and 17.0.2.4-17.0.4 via the ElevenLabs Text-to-Speech integration allows authenticated users with high privileges to execute arbitrary system commands. The vulnerability exists in the recordings module and affects all installations using the vulnerable TTS engine. No patch is currently available, leaving affected systems at risk of full system compromise.

Command Injection AI / ML Freepbx
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Insufficient input sanitization in select CLI commands on Cisco Secure Firewall ASA and FTD Software allows authenticated local administrators to execute arbitrary code as root by injecting malicious Lua code. An attacker with valid administrator credentials can craft specially formatted parameters to achieve code execution with elevated privileges. No patch is currently available.

Cisco RCE Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Command injection in Mobvoi Tichome Mini smart speaker via crafted requests. EPSS 1.2%. PoC available.

Command Injection Tichome Mini Firmware
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges. [CVSS 7.2 HIGH]

Command Injection Access Commander
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.

Command Injection Seppmail
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Authenticated attackers can achieve remote code execution with root privileges on IDC SFX2100 satellite receiver devices through OS command injection in the web-based Traceroute diagnostic tool. By injecting shell metacharacters into the flags parameter, an attacker can execute arbitrary operating system commands on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available.

Command Injection Sfx2100 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Authenticated attackers can execute arbitrary OS commands with root privileges on IDC SFX2100 satellite receivers through command injection in the web-based Ping utility, bypassing input filters by using alternate shell metacharacters like the pipe operator. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the web management interface and allows complete system compromise for any authenticated user.

Command Injection Sfx2100 Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Command injection in D-Link DIR-868L via SSDP service. PoC available.

D-Link Command Injection Dir 868l Firmware
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Command injection in PhialsBasement nmap-mcp-server allows authenticated remote attackers to execute arbitrary system commands through the Nmap CLI Command Handler component due to improper input sanitization in child_process.exec. Public exploit code exists for this vulnerability, and affected users should apply the available patch to remediate the risk.

Command Injection Mcp Nmap Server
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). [CVSS 7.2 HIGH]

RCE Command Injection Tranzman
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability. [CVSS 7.2 HIGH]

Command Injection Tranzman
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). [CVSS 7.8 HIGH]

Command Injection
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.

Command Injection AI / ML Red Hat
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.

TP-Link Command Injection Deco Be25 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda AC15 router has a code injection in formsetUsbUnload (EPSS 1.7%) enabling unauthenticated remote code execution.

Command Injection Ac15 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda AC15 router has a command injection in formSetIptv (EPSS 1.1%) enabling unauthenticated root-level code execution.

Command Injection Ac15 Firmware
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W20E router has a code injection vulnerability in usbPartitionName parameter allowing unauthenticated remote code execution with EPSS 1.1%.

Command Injection W20e Firmware
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.

Command Injection
NVD
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in openDCIM 23.04 allows unauthenticated attackers to execute arbitrary OS commands as the web server user by poisoning the 'dot' configuration parameter in the database, then triggering execution via report_network_map.php. Public exploit code exists with a documented SQL injection to command injection attack chain. EPSS score of 0.57% (68th percentile) suggests moderate but not widespread exploitation probability, though the publicly available weaponized exploit significantly elevates real-world risk for exposed instances.

PHP Command Injection Opendcim
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Critical RCE via OS command injection in WeGIA before 3.6.5. Unauthenticated attackers can execute arbitrary commands on the server. CVSS 10.0 with PoC available.

RCE Authentication Bypass Command Injection +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

OS command injection in Johnson Controls Frick Controls Quantum HD allows unauthenticated remote attackers to execute arbitrary commands on industrial refrigeration control systems. CVSS 9.8.

Command Injection Frick Controls Quantum Hd Firmware
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.

Red Hat RCE Command Injection
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Command injection in TOTOLINK N300RH router firmware 6.1c.1353 via setDiagnosisCfg handler. EPSS 4.0% with PoC available — high exploitation probability for consumer routers.

Command Injection N300rh Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the MBird SMS service URL parameters processed during system setup. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro models, with no patch currently available. Exploitation requires high privilege access but carries high impact due to complete system compromise potential.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the server username or password fields during restore operations via the API V1 endpoint. The vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges but could compromise the entire system. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into Wi-Fi SSID or password configuration fields. The vulnerability affects multiple Xweb Pro models (300d, 500b, 500d) and requires high privilege access to exploit, though successful exploitation grants complete system compromise across the network. No patch is currently available.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the Modbus command tool parameters accessible through the debug route. The vulnerability affects Xweb 300d Pro, 500d Pro, and 500b Pro devices, with a CVSS score of 8.0 indicating high severity. No patch is currently available for this command injection flaw.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and prior allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads through crafted LCD state configurations that are processed during system initialization. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro devices and requires high-level privileges to exploit, though the impact extends across connected systems. No patch is currently available for this high-severity vulnerability (CVSS 8.0).

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb Pro firmware (versions 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by uploading a malicious template file through the devices route. This vulnerability affects Xweb 300d Pro, 500b Pro, and 500d Pro models, with no patch currently available. The high CVSS score of 8.0 reflects the severity of achieving code execution with administrative privileges on vulnerable devices.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier (affecting Xweb 500b Pro, 500d Pro, and 300d Pro models) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the server username field during the import preconfiguration API action. An attacker with administrative privileges can exploit this OS command injection vulnerability to gain complete system compromise. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Authenticated attackers can execute arbitrary OS commands on Xweb Pro devices (versions 1.12.1 and earlier across 300d, 500b, and 500d models) by injecting malicious payloads into the hostname configuration parameter during system setup. This command injection vulnerability grants remote code execution with high privileges on affected systems. No patch is currently available, requiring organizations to implement network access controls or disable affected devices until remediation is released.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by submitting a malicious firmware update file through the update mechanism. The vulnerability affects multiple XWEB Pro models (300d, 500d, and 500b) and requires high-level privileges to exploit. No patch is currently available for this high-severity command injection flaw (CVSS 8.0).

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
Prev Page 14 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy