Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2026-25111 HIGH This Week

Remote code execution in XWEB Pro versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands via malicious input submitted to the restore functionality. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro firmware versions, with no patch currently available. An attacker with valid credentials could compromise the affected device and gain full system control.

RCE Command Injection Xweb 500d Pro Firmware Xweb 500b Pro Firmware Xweb 300d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-25109 HIGH This Week

Remote code execution in Xweb 300d Pro, 500d Pro, and 500b Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field in the setup route. An attacker with valid credentials can exploit this command injection vulnerability to gain complete system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-24695 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.

OpenSSL TLS RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-24689 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the devices field during firmware updates. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-24663 CRITICAL Act Now

Unauthenticated OS command injection in Copeland XWEB Pro HVAC controller version 1.12.1 and prior. EPSS 0.96% indicates real exploitation risk for internet-exposed building automation systems.

Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2026-24517 HIGH This Week

Remote code execution in Xweb 300d/500b/500d Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the firmware update endpoint. The vulnerability stems from insufficient input validation in command processing and requires high privileges but affects the entire system scope. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500b Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-21389 HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by submitting malicious input through the contacts import endpoint. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high-level privileges but can compromise the entire system. No patch is currently available.

RCE Command Injection Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-20910 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field during firmware update operations. The vulnerability affects multiple Xweb Pro models (500d, 500b, and 300d) and requires high-level privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-20902 HIGH This Week

Remote code execution in Xweb 300d Pro, 500b Pro, and 500d Pro firmware (version 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the map filename field during file upload operations. An attacker with valid credentials can exploit this command injection flaw to gain full system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 300d Pro Firmware Xweb 500b Pro Firmware Xweb 500d Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-20742 HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the templates route. Affected versions include Xweb 500d Pro, 300d Pro, and 500b Pro. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-28279 Go HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-28269 MEDIUM This Month

Kiteworks versions prior to 9.2.0 suffer from a command injection vulnerability that permits authenticated users to redirect command output to arbitrary file locations, potentially enabling overwriting of critical system files and privilege escalation. The vulnerability requires high privileges and manual user interaction to exploit, resulting in a medium severity rating with limited real-world exploitation likelihood (EPSS 0.1%). No patch is currently available for affected installations.

Command Injection Kiteworks
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-28207 MEDIUM POC This Month

Zen C is a systems programming language that compiles to human-readable GNU C/C11. [CVSS 6.6 MEDIUM]

Command Injection Zen C
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27966 PyPI CRITICAL POC PATCH Act Now

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary code execution through crafted CSV files. EPSS 0.41% with PoC and patch available.

Python RCE Command Injection AI / ML Langflow +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-27938 HIGH This Week

Arbitrary command execution in WPGraphQL's GitHub Actions workflow allows attackers with pull request creation privileges to inject shell commands through unvalidated pull request body content, potentially compromising the build environment and repository integrity. The vulnerability affects WPGraphQL versions prior to 2.9.1 and requires low privileges and user interaction to exploit. No patch is currently available for affected deployments.

WordPress Github Command Injection
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-27577 npm CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-22719 HIGH KEV PATCH THREAT Act Now

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.

VMware Broadcom RCE Command Injection Aria Operations +3
NVD
CVSS 3.1
8.1
EPSS
7.4%
CVE-2026-27849 CRITICAL Act Now

OS command injection via TLS-SRP update functionality. Third TLS-SRP injection CVE — command injection through the credential update mechanism.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27728 npm CRITICAL POC PATCH Act Now

OS command injection in OneUptime monitoring platform before 10.0.7. Authenticated users can execute arbitrary commands on the monitoring server. PoC and patch available.

Command Injection Oneuptime
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-20099 MEDIUM This Month

Insufficient input validation in Cisco FXOS and UCS Manager web interfaces enables authenticated administrators to inject arbitrary commands and achieve root-level code execution on affected systems. The vulnerability requires local access and valid admin credentials, allowing privileged attackers to bypass normal OS restrictions. No patch is currently available, and the lack of input sanitization on command arguments represents a critical privilege escalation vector for insider threats.

Cisco Command Injection
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-27848 CRITICAL Act Now

OS command injection via TLS-SRP handshake. Similar to CVE-2026-27847 but targeting command execution through the SRP authentication process.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27626 Go CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-22553 CRITICAL Act Now

OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. EPSS 1.26%.

SCADA RCE Command Injection Masterscada
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2026-23678 HIGH This Week

Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1a character into the traceroute hostname parameter on the web management interface, allowing arbitrary CLI command execution. The vulnerability affects firmware version V300SP10260209 and earlier, and currently has no available patch. This requires valid web interface credentials but poses significant risk due to its high severity rating and network-accessible attack vector.

Command Injection 10g08 0800gsm Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-3102 LOW POC PATCH Monitor

Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.

Command Injection Apple
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-3101 LOW POC Monitor

OS command injection in the Ping Handler component of Intelbras TIP 635G firmware (version 1.12.3.5) enables authenticated attackers to execute arbitrary system commands remotely. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. Affected devices remain exploitable until the vendor releases a security update.

Command Injection Tip 635g Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-27208 CRITICAL Act Now

OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.

Docker Privilege Escalation Command Injection Api Gateway Deploy
NVD GitHub
CVSS 3.1
9.2
EPSS
0.2%
CVE-2026-3066 LOW POC Monitor

Hummerrisk versions up to 1.5.0. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-3065 LOW POC Monitor

Command injection in HummerRisk up to version 1.5.0 allows authenticated remote attackers to execute arbitrary commands through the Cloud Task Dry-run feature by manipulating the fileName parameter in CloudTaskService.java. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve remote code execution with limited impact on confidentiality, integrity, and availability.

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-3064 LOW POC Monitor

HummerRisk versions up to 1.5.0 contain a command injection vulnerability in the Cloud Task Scheduler component where the regionId parameter is insufficiently validated, allowing authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early disclosure notification. An authenticated attacker can exploit this to achieve remote code execution with limited scope impact.

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-26331 PyPI HIGH POC PATCH This Week

yt-dlp is a command-line audio/video downloader. [CVSS 8.8 HIGH]

Python Command Injection Yt Dlp Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-1459 HIGH This Week

Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.

Zyxel Command Injection Dx5401 B1 Firmware Emg5523 T50b Firmware Vmg3625 T50b Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-13943 HIGH This Week

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. [CVSS 8.8 HIGH]

Zyxel Command Injection Dx3300 T1 Firmware Px3321 T1 Firmware Wx5610 B0 Firmware +49
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-13942 CRITICAL Act Now

Command injection in Zyxel EX3510-B0 router UPnP functionality via firmware versions through 5.17. Allows remote code execution through the UPnP service.

Zyxel Command Injection Wx5610 B0 Firmware Ee6510 10 Firmware Px3321 T1 Firmware +15
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-3040 LOW POC Monitor

Command injection in DrayTek Vigor 300B firmware up to version 1.5.1.6 allows authenticated remote attackers to execute arbitrary OS commands via the File parameter in the web management interface. Public exploit code exists for this vulnerability, though the vendor has confirmed the product is end-of-life and no patch will be released. This affects only unsupported installations with administrative access.

Command Injection Vigor300b Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2025-70328 HIGH POC This Week

X6000R Firmware versions up to 9.4.0cu.1498_b20250826 is affected by os command injection (CVSS 8.8).

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2025-70329 HIGH POC This Week

X5000R Firmware versions up to 9.1.0cu.2415_b20250515 is affected by os command injection (CVSS 8.0).

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2026-2956 LOW POC Monitor

Unauthenticated remote attackers can execute arbitrary commands on dst-admin versions up to 1.5.0 by manipulating the Name parameter in the revertBackup function at /home/restore endpoint. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.

Command Injection Dst Admin
NVD VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2952 MEDIUM POC This Month

Remote code execution in Vaelsys 4.1.0 allows unauthenticated attackers to execute arbitrary OS commands via malicious xajaxargs parameters sent to the /tree/tree_server.php endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. This network-accessible flaw poses immediate risk to exposed Vaelsys installations.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-2944 MEDIUM POC This Month

Remote code execution in Tosei Online Store Management System 1.01 allows unauthenticated attackers to execute arbitrary OS commands through the DevId parameter in /cgi-bin/monitor.php. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no user interaction and is exploitable over the network.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-27487 npm HIGH PATCH This Week

OpenClaw AI assistant on macOS versions 2026.2.13 and earlier is vulnerable to command injection through the credential refresh mechanism, which improperly handles user-controlled OAuth tokens when constructing shell commands for Keychain operations. An authenticated attacker with local access could exploit this to execute arbitrary OS commands with the privileges of the application user. The vulnerability has been patched in version 2026.2.14.

macOS Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-26046 HIGH This Week

Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. No patch is currently available, and exploitation requires administrative access but could compromise the entire Moodle installation.

Moodle Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-2043 HIGH This Week

Remote code execution in Nagios Xi through command injection in the esensors_websensor_configwizard_func method allows authenticated attackers to execute arbitrary commands with service account privileges. The vulnerability stems from insufficient input validation on user-supplied parameters passed to system calls. With a CVSS score of 8.8 and no patch currently available, this poses a significant risk to authenticated users of affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2026-2042 HIGH This Week

Remote code execution in Nagios Xi's monitoringwizard module allows authenticated attackers to execute arbitrary commands through insufficient input validation in system calls. An attacker with valid credentials can exploit this command injection vulnerability to gain code execution with service account privileges on affected installations. No patch is currently available for this high-severity vulnerability.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2026-2041 HIGH This Week

Nagios Xi for iOS is vulnerable to command injection in the zabbixagent_configwizard_func method due to insufficient input validation, allowing authenticated attackers to execute arbitrary code with service account privileges. The vulnerability requires valid credentials but no user interaction to exploit, and no patch is currently available. Exploitation could grant attackers full system access on affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2026-2035 MEDIUM This Month

Remote code execution in Deciso OPNsense's backup functionality allows authenticated network-adjacent attackers to execute arbitrary commands with root privileges through insufficient input validation in the diag_backup.php file. An attacker with valid credentials can inject malicious commands into backup filename parameters to achieve code execution on the affected system. No patch is currently available for this vulnerability.

PHP RCE Command Injection
NVD GitHub
CVSS 3.0
6.8
EPSS
0.2%
CVE-2019-25441 CRITICAL POC Act Now

Unauthenticated command injection in thesystem 1.0. EPSS 3.4%. PoC available.

Command Injection Thesystem
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2026-27113 MEDIUM This Month

Liquid Prompt is an adaptive prompt for Bash and Zsh. [CVSS 6.3 MEDIUM]

Command Injection
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-27190 Cargo HIGH POC PATCH This Week

Command injection in Deno versions prior to 2.6.8 allows unauthenticated remote attackers to execute arbitrary commands through the node:child_process implementation. Public exploit code exists for this vulnerability, which carries a CVSS score of 8.1 and affects the confidentiality, integrity, and availability of affected systems. Users should upgrade to Deno 2.6.8 or later to remediate this risk.

Command Injection Deno Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-35402 CRITICAL Act Now

Unauthenticated OS command injection in PROLiNK PRC2402M router via ip parameter. EPSS 0.39%.

Command Injection
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2026-2333 CRITICAL Act Now

Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.

Command Injection Opds Talon
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-26093 CRITICAL Act Now

Command injection in Owl OPDS 2.2.0.4. EPSS 0.29%.

Command Injection Opds Talon
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-2847 HIGH POC This Week

Remote code execution in UTT HiPER 520 Firmware 1.7.7-160105 allows unauthenticated attackers to inject arbitrary OS commands through the Isp_Name parameter in the web management interface. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can achieve full system compromise by sending a specially crafted request to the /goform/formReleaseConnect endpoint.

Command Injection 520 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-2846 HIGH POC This Week

Remote command injection in UTT HiPer 520 Firmware 1.7.7-160105 web management interface allows unauthenticated attackers to execute arbitrary OS commands through the policyNames parameter. Public exploit code exists for this vulnerability, increasing risk of active exploitation. No patch is currently available.

Command Injection 520 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2026-20761 HIGH This Week

EnOcean SmartServer IoT versions 4.60.009 and earlier are vulnerable to unauthenticated remote command injection through maliciously crafted LON IP-852 management messages, enabling attackers to execute arbitrary OS commands with high privileges on affected devices. This network-accessible vulnerability requires no user interaction and affects IoT deployments with no available patch currently available.

IoT Command Injection
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-2824 LOW POC Monitor

Cf-E7 Firmware versions up to 2.6.0.9 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-2823 LOW POC Monitor

Command injection in Comfast CF-E7 firmware versions 2.6.0.9 and earlier allows remote authenticated attackers to execute arbitrary commands through the timestr parameter in the NTP timezone configuration function. Public exploit code exists for this vulnerability, and the vendor has not provided patches despite early notification. An attacker with valid credentials can achieve remote code execution with medium impact on confidentiality, integrity, and availability.

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-27001 npm HIGH PATCH This Week

OpenClaw versions prior to 2026.2.15 fail to sanitize workspace directory paths before injecting them into LLM prompts, allowing local attackers with execution privileges to inject malicious instructions through control characters and Unicode markers in directory names. An attacker can exploit this prompt injection vulnerability to manipulate the AI assistant's behavior and execute unintended commands. A patch is available in version 2026.2.15 and later.

Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26323 npm HIGH PATCH This Week

Arbitrary command execution in OpenClaw versions 2026.1.8 through 2026.2.13 allows attackers to execute shell commands when developers or CI systems run the update-clawtributors.ts maintenance script on repositories containing malicious commit metadata. The vulnerability stems from unsanitized interpolation of git author emails into shell commands via execSync, exploitable only by those with access to the development environment or source repository. Version 2026.2.14 patches the issue.

Node.js Github Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-27476 CRITICAL Act Now

Command injection in RustFly 2.0.0 via hex-encoded UDP instructions on port 5005. The remote UI control mechanism accepts and executes commands without validation.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-26318 npm HIGH POC PATCH This Week

Command injection in systeminformation versions before 5.31.0 allows local attackers with user privileges to execute arbitrary system commands through unsanitized output parsing in the versions() function. Public exploit code exists for this vulnerability, which provides complete system compromise capabilities including information disclosure, modification, and denial of service. Upgrade to version 5.31.0 or later to remediate.

Node.js Command Injection Systeminformation
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26280 npm HIGH POC PATCH This Week

Command injection in the systeminformation Node.js library (versions prior to 5.30.8) lets attackers run arbitrary OS commands on Linux hosts through the wifiNetworks() function. While the iface argument is sanitized on the first call, the setTimeout retry path (triggered when the initial scan returns no results) re-invokes getWifiNetworkListIw() with the original unsanitized value, which reaches execSync('iwlist <iface> scan'). Any application that forwards user-controlled input to si.wifiNetworks() can be coerced into executing commands with the Node.js process privileges; publicly available exploit code exists, though EPSS risk is low (0.08%, 24th percentile) and it is not on the CISA KEV list.

Node.js Command Injection Systeminformation
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26189 MEDIUM PATCH This Month

Trivy Action versions 0.31.0 through 0.33.1 allow remote code execution on GitHub Actions runners due to insufficient input sanitization when constructing shell environment variable exports. An attacker with repository access can inject shell metacharacters through action inputs to achieve arbitrary command execution in the runner context. The vulnerability requires high privileges to exploit and is addressed in version 0.34.0.

Docker Github Command Injection Trivy Action
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-15559 CRITICAL Act Now

Unauthenticated OS command injection in NesterSoft WorkTime via report generation API. Allows executing arbitrary commands.

Command Injection Worktime
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2686 CRITICAL POC Act Now

Command injection in SECCN Dingcheng G10 3.1.0.181203 router via session_login.cgi. PoC available.

Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2670 HIGH This Week

Unauthenticated remote attackers can achieve OS command injection through the delete_file parameter in Advantech WISE-6610's OpenVPN management interface (/cgi-bin/luci/admin/openvpn_apply), enabling arbitrary command execution with high privileges. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The attack requires high-level privileges but involves minimal complexity and poses significant risks to confidentiality, integrity, and availability.

Openvpn Command Injection
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-27182 HIGH This Week

Saturn Remote Mouse Server on local networks is vulnerable to unauthenticated command injection through specially crafted UDP JSON packets sent to port 27000, enabling attackers to execute arbitrary code with service account privileges. Affected systems lack input validation on command parameters, allowing network-adjacent threat actors to achieve remote code execution without authentication. No patch is currently available for this high-severity vulnerability.

RCE Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2026-27175 CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection Race Condition Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%
Threat
4.7
CVE-2025-65791 CRITICAL POC Act Now

Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-33246 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. [CVSS 7.8 HIGH]

Privilege Escalation Command Injection Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2629 MEDIUM This Month

A weakness has been identified in jishi node-sonos-http-ap versions up to 3776 is affected by command injection (CVSS 7.3).

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-22284 MEDIUM PATCH This Month

Unauthenticated command injection in Dell SmartFabric OS10 versions before 10.5.6.12 allows high-privileged remote attackers to execute arbitrary commands on affected network devices. The vulnerability stems from improper sanitization of user-supplied input in command processing, requiring attacker knowledge of administrative credentials to trigger. A patch is available and administrators should prioritize updating affected systems given the severity of potential command execution impact.

Command Injection Smartfabric Os10
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-2630 HIGH This Week

Tenable Security Center is vulnerable to command injection that allows authenticated remote attackers to execute arbitrary code on the hosting server. With no patch currently available and an 8.8 CVSS score, this vulnerability poses a significant risk to organizations relying on this security platform for vulnerability management. Attackers with valid credentials can achieve full system compromise without user interaction.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-70828 HIGH This Week

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]

Command Injection RCE Datart
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2615 HIGH POC This Week

Wl-Nu516U1 Firmware versions up to 20251208. contains a vulnerability that allows attackers to command injection (CVSS 7.2).

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-2560 LOW POC Monitor

OS command injection in Kodbox up to version 1.64.05 allows remote authenticated attackers to execute arbitrary commands through the localFile parameter in the Media File Preview Plugin's VideoResize class. Public exploit code exists for this vulnerability, and the vendor has not provided patches or responded to disclosure efforts. The attack requires valid credentials but does not need user interaction and can fully compromise affected systems through command execution.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-2548 LOW Monitor

Command injection in WAYOS FBM-220G 24.10.19 allows authenticated remote attackers to execute arbitrary commands by manipulating UPnP configuration parameters (upnp_waniface, upnp_ssdp_interval, upnp_max_age) in the rc file. No patch is currently available, and the vendor has not responded to disclosure attempts. This vulnerability carries a CVSS score of 6.3 with low complexity exploitation requirements.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.4%
CVE-2026-2544 HIGH This Week

Remote command injection in yued-fe LuLu UI through version 3.0.0 allows unauthenticated attackers to execute arbitrary OS commands via the child_process.exec function in run.js. The vulnerability requires no user interaction and can be exploited over the network, potentially leading to complete system compromise. No patch is currently available from the vendor.

Command Injection
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2026-2537 LOW POC Monitor

Command injection in Comfast CF-E4 2.6.0.1 firmware allows remote attackers with high privileges to execute arbitrary commands through the timestr parameter in the NTP timezone configuration endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. The attack requires network access and high-level authentication but carries a low CVSS score due to limited scope of impact.

Command Injection Cf E4 Firmware
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-2535 LOW POC Monitor

Command injection in Comfast CF-N1 V2 2.6.0.2 firmware allows authenticated remote attackers to execute arbitrary commands via the channel parameter in the /cgi-bin/mbox-config endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve remote code execution with limited integrity and confidentiality impact.

Command Injection Cf N1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2534 LOW POC Monitor

Command injection in Comfast CF-N1 V2 firmware version 2.6.0.2 allows authenticated remote attackers to execute arbitrary commands through the bandwidth parameter in the /cgi-bin/mbox-config endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Cf N1 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2533 MEDIUM This Month

Tosei Self-service Washing Machine 4.02 contains an unauthenticated command injection vulnerability in the adr_txt_1 parameter of /cgi-bin/tosei_datasend.php, allowing remote attackers to execute arbitrary commands with limited confidentiality, integrity, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

PHP Command Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
2.1%
CVE-2026-2530 LOW POC Monitor

The WL-WN579A3 wireless router firmware contains a command injection vulnerability in the AddMac function of /cgi-bin/wireless.cgi that allows authenticated remote attackers to execute arbitrary commands with medium impact on confidentiality, integrity, and availability. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Affected systems running firmware versions up to 20210219 require immediate mitigation through network segmentation or device replacement.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2529 MEDIUM POC This Month

Unauthenticated command injection in the wireless configuration interface of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands through the delete_list parameter. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early notification. Affected devices can be compromised remotely to gain full system access with minimal authentication requirements.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2026-2528 LOW POC Monitor

Command injection in the Wavlink WL-WN579A3 wireless router firmware allows authenticated remote attackers to execute arbitrary commands through the delete_list parameter in the /cgi-bin/wireless.cgi endpoint. Public exploit code exists for this vulnerability, and no vendor patch is currently available. Affected devices running firmware versions up to 20210219 face risk of complete system compromise from authenticated network access.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2527 LOW POC Monitor

Wl-Wn579A3 Firmware versions up to 20210219. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2026-2526 LOW POC Monitor

Command injection in Wavlink WL-WN579A3 firmware through the SSID2G2 parameter of /cgi-bin/wireless.cgi allows authenticated remote attackers to execute arbitrary commands with limited privileges. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw affects confidentiality, integrity, and availability of affected devices.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-70093 HIGH POC This Week

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. [CVSS 7.4 HIGH]

Command Injection RCE Open Source Point Of Sale
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-25108 HIGH KEV THREAT Act Now

FileZen contains an OS command injection vulnerability (CVE-2026-25108, CVSS 8.8) that allows authenticated users to execute arbitrary commands when the Antivirus Check Option is enabled. KEV-listed with EPSS 18.6%, this vulnerability in the Japanese file-sharing appliance has been actively exploited in campaigns targeting organizations in Japan and Asia-Pacific.

Command Injection Filezen
NVD
CVSS 3.1
8.8
EPSS
18.6%
CVE-2026-26068 CRITICAL POC PATCH Act Now

Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%.

Linux RCE Command Injection Emp3r0r
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands via malicious input submitted to the restore functionality. The vulnerability affects Xweb 500d Pro, 500b Pro, and 300d Pro firmware versions, with no patch currently available. An attacker with valid credentials could compromise the affected device and gain full system control.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb 300d Pro, 500d Pro, and 500b Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field in the setup route. An attacker with valid credentials can exploit this command injection vulnerability to gain complete system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500b Pro Firmware +2
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary commands by injecting malicious input into OpenSSL parameter fields. An attacker with valid credentials can exploit this command injection vulnerability through the utility route to gain complete system compromise. No patch is currently available for affected XWEB 500b Pro and 300d Pro devices.

OpenSSL TLS RCE +4
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the devices field during firmware updates. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL Act Now

Unauthenticated OS command injection in Copeland XWEB Pro HVAC controller version 1.12.1 and prior. EPSS 0.96% indicates real exploitation risk for internet-exposed building automation systems.

Command Injection Xweb 500b Pro Firmware Xweb 300d Pro Firmware +1
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb 300d/500b/500d Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input into the firmware update endpoint. The vulnerability stems from insufficient input validation in command processing and requires high privileges but affects the entire system scope. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware (versions 1.12.1 and earlier) allows authenticated attackers to execute arbitrary OS commands by submitting malicious input through the contacts import endpoint. The vulnerability affects multiple Xweb Pro models (500d, 300d, and 500b) and requires high-level privileges but can compromise the entire system. No patch is currently available.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the devices field during firmware update operations. The vulnerability affects multiple Xweb Pro models (500d, 500b, and 300d) and requires high-level privileges to exploit, though it can impact the entire system. No patch is currently available for this HIGH severity issue.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in Xweb 300d Pro, 500b Pro, and 500d Pro firmware (version 1.12.1 and prior) allows authenticated attackers to execute arbitrary OS commands by injecting malicious payloads into the map filename field during file upload operations. An attacker with valid credentials can exploit this command injection flaw to gain full system control. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Remote code execution in XWEB Pro firmware versions 1.12.1 and earlier allows authenticated attackers to execute arbitrary OS commands by injecting malicious input through the templates route. Affected versions include Xweb 500d Pro, 300d Pro, and 500b Pro. No patch is currently available for this vulnerability.

RCE Command Injection Xweb 500d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Remote code execution in osctrl prior to version 0.5.0 allows authenticated administrators to inject arbitrary OS commands through the hostname parameter during environment configuration, which are then executed on all endpoints enrolling via the compromised environment. The injected commands execute with root/SYSTEM privileges before osquery installation, providing complete system compromise with minimal audit trails. A patch is available in version 0.5.0 and later.

RCE Command Injection Osctrl +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Kiteworks versions prior to 9.2.0 suffer from a command injection vulnerability that permits authenticated users to redirect command output to arbitrary file locations, potentially enabling overwriting of critical system files and privilege escalation. The vulnerability requires high privileges and manual user interaction to exploit, resulting in a medium severity rating with limited real-world exploitation likelihood (EPSS 0.1%). No patch is currently available for affected installations.

Command Injection Kiteworks
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM POC This Month

Zen C is a systems programming language that compiles to human-readable GNU C/C11. [CVSS 6.6 MEDIUM]

Command Injection Zen C
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary code execution through crafted CSV files. EPSS 0.41% with PoC and patch available.

Python RCE Command Injection +3
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Arbitrary command execution in WPGraphQL's GitHub Actions workflow allows attackers with pull request creation privileges to inject shell commands through unvalidated pull request body content, potentially compromising the build environment and repository integrity. The vulnerability affects WPGraphQL versions prior to 2.9.1 and requires low privileges and user interaction to exploit. No patch is currently available for affected deployments.

WordPress Github Command Injection
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection +2
NVD GitHub
EPSS 7% CVSS 8.1
HIGH KEV PATCH THREAT Act Now

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment.

VMware Broadcom RCE +5
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

OS command injection via TLS-SRP update functionality. Third TLS-SRP injection CVE — command injection through the credential update mechanism.

Command Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OS command injection in OneUptime monitoring platform before 10.0.7. Authenticated users can execute arbitrary commands on the monitoring server. PoC and patch available.

Command Injection Oneuptime
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Insufficient input validation in Cisco FXOS and UCS Manager web interfaces enables authenticated administrators to inject arbitrary commands and achieve root-level code execution on affected systems. The vulnerability requires local access and valid admin credentials, allowing privileged attackers to bypass normal OS restrictions. No patch is currently available, and the lack of input sanitization on command arguments represents a critical privilege escalation vector for insider threats.

Cisco Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

OS command injection via TLS-SRP handshake. Similar to CVE-2026-27847 but targeting command execution through the SRP authentication process.

Command Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands — the injection allows executing arbitrary commands beyond the whitelist. PoC available.

RCE Command Injection Olivetin +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. EPSS 1.26%.

SCADA RCE Command Injection +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated attackers can achieve remote code execution on Binardat 10G08-0800GSM network switches by injecting the %1a character into the traceroute hostname parameter on the web management interface, allowing arbitrary CLI command execution. The vulnerability affects firmware version V300SP10260209 and earlier, and currently has no available patch. This requires valid web interface credentials but poses significant risk due to its high severity rating and network-accessible attack vector.

Command Injection 10g08 0800gsm Firmware
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.

Command Injection Apple
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

OS command injection in the Ping Handler component of Intelbras TIP 635G firmware (version 1.12.3.5) enables authenticated attackers to execute arbitrary system commands remotely. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. Affected devices remain exploitable until the vendor releases a security update.

Command Injection Tip 635g Firmware
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL Act Now

OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.

Docker Privilege Escalation Command Injection +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Hummerrisk versions up to 1.5.0. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Java Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in HummerRisk up to version 1.5.0 allows authenticated remote attackers to execute arbitrary commands through the Cloud Task Dry-run feature by manipulating the fileName parameter in CloudTaskService.java. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve remote code execution with limited impact on confidentiality, integrity, and availability.

Java Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

HummerRisk versions up to 1.5.0 contain a command injection vulnerability in the Cloud Task Scheduler component where the regionId parameter is insufficiently validated, allowing authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early disclosure notification. An authenticated attacker can exploit this to achieve remote code execution with limited scope impact.

Java Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

yt-dlp is a command-line audio/video downloader. [CVSS 8.8 HIGH]

Python Command Injection Yt Dlp +2
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Zyxel VMG3625-T50B, DX5401 B1, and EMG5523 T50B devices with firmware through version 5.50(ABPM.9.7)C0 contain a post-authentication command injection vulnerability in the TR-369 certificate download function that allows authenticated administrators to execute arbitrary operating system commands. An attacker with admin credentials could leverage this to gain complete control over the affected device. No patch is currently available.

Zyxel Command Injection Dx5401 B1 Firmware +5
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. [CVSS 8.8 HIGH]

Zyxel Command Injection Dx3300 T1 Firmware +51
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Zyxel EX3510-B0 router UPnP functionality via firmware versions through 5.17. Allows remote code execution through the UPnP service.

Zyxel Command Injection Wx5610 B0 Firmware +17
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in DrayTek Vigor 300B firmware up to version 1.5.1.6 allows authenticated remote attackers to execute arbitrary OS commands via the File parameter in the web management interface. Public exploit code exists for this vulnerability, though the vendor has confirmed the product is end-of-life and no patch will be released. This affects only unsupported installations with administrative access.

Command Injection Vigor300b Firmware
NVD GitHub VulDB
EPSS 3% CVSS 8.8
HIGH POC This Week

X6000R Firmware versions up to 9.4.0cu.1498_b20250826 is affected by os command injection (CVSS 8.8).

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

X5000R Firmware versions up to 9.1.0cu.2415_b20250515 is affected by os command injection (CVSS 8.0).

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Unauthenticated remote attackers can execute arbitrary commands on dst-admin versions up to 1.5.0 by manipulating the Name parameter in the revertBackup function at /home/restore endpoint. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.

Command Injection Dst Admin
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote code execution in Vaelsys 4.1.0 allows unauthenticated attackers to execute arbitrary OS commands via malicious xajaxargs parameters sent to the /tree/tree_server.php endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. This network-accessible flaw poses immediate risk to exposed Vaelsys installations.

PHP Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote code execution in Tosei Online Store Management System 1.01 allows unauthenticated attackers to execute arbitrary OS commands through the DevId parameter in /cgi-bin/monitor.php. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no user interaction and is exploitable over the network.

PHP Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

OpenClaw AI assistant on macOS versions 2026.2.13 and earlier is vulnerable to command injection through the credential refresh mechanism, which improperly handles user-controlled OAuth tokens when constructing shell commands for Keychain operations. An authenticated attacker with local access could exploit this to execute arbitrary OS commands with the privileges of the application user. The vulnerability has been patched in version 2026.2.14.

macOS Command Injection AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Moodle's TeX filter fails to properly sanitize administrative configuration inputs, enabling command injection on systems with ImageMagick installed. An authenticated administrator can inject arbitrary system commands through a malicious TeX filter setting, achieving code execution with the privileges of the Moodle server process. No patch is currently available, and exploitation requires administrative access but could compromise the entire Moodle installation.

Moodle Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Nagios Xi through command injection in the esensors_websensor_configwizard_func method allows authenticated attackers to execute arbitrary commands with service account privileges. The vulnerability stems from insufficient input validation on user-supplied parameters passed to system calls. With a CVSS score of 8.8 and no patch currently available, this poses a significant risk to authenticated users of affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Remote code execution in Nagios Xi's monitoringwizard module allows authenticated attackers to execute arbitrary commands through insufficient input validation in system calls. An attacker with valid credentials can exploit this command injection vulnerability to gain code execution with service account privileges on affected installations. No patch is currently available for this high-severity vulnerability.

RCE Command Injection Nagios Xi
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Nagios Xi for iOS is vulnerable to command injection in the zabbixagent_configwizard_func method due to insufficient input validation, allowing authenticated attackers to execute arbitrary code with service account privileges. The vulnerability requires valid credentials but no user interaction to exploit, and no patch is currently available. Exploitation could grant attackers full system access on affected Nagios installations.

RCE Command Injection Nagios Xi
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Remote code execution in Deciso OPNsense's backup functionality allows authenticated network-adjacent attackers to execute arbitrary commands with root privileges through insufficient input validation in the diag_backup.php file. An attacker with valid credentials can inject malicious commands into backup filename parameters to achieve code execution on the affected system. No patch is currently available for this vulnerability.

PHP RCE Command Injection
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated command injection in thesystem 1.0. EPSS 3.4%. PoC available.

Command Injection Thesystem
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.3
MEDIUM This Month

Liquid Prompt is an adaptive prompt for Bash and Zsh. [CVSS 6.3 MEDIUM]

Command Injection
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Command injection in Deno versions prior to 2.6.8 allows unauthenticated remote attackers to execute arbitrary commands through the node:child_process implementation. Public exploit code exists for this vulnerability, which carries a CVSS score of 8.1 and affects the confidentiality, integrity, and availability of affected systems. Users should upgrade to Deno 2.6.8 or later to remediate this risk.

Command Injection Deno Suse
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unauthenticated OS command injection in PROLiNK PRC2402M router via ip parameter. EPSS 0.39%.

Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.

Command Injection Opds Talon
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Owl OPDS 2.2.0.4. EPSS 0.29%.

Command Injection Opds Talon
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in UTT HiPER 520 Firmware 1.7.7-160105 allows unauthenticated attackers to inject arbitrary OS commands through the Isp_Name parameter in the web management interface. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can achieve full system compromise by sending a specially crafted request to the /goform/formReleaseConnect endpoint.

Command Injection 520 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote command injection in UTT HiPer 520 Firmware 1.7.7-160105 web management interface allows unauthenticated attackers to execute arbitrary OS commands through the policyNames parameter. Public exploit code exists for this vulnerability, increasing risk of active exploitation. No patch is currently available.

Command Injection 520 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

EnOcean SmartServer IoT versions 4.60.009 and earlier are vulnerable to unauthenticated remote command injection through maliciously crafted LON IP-852 management messages, enabling attackers to execute arbitrary OS commands with high privileges on affected devices. This network-accessible vulnerability requires no user interaction and affects IoT deployments with no available patch currently available.

IoT Command Injection
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Cf-E7 Firmware versions up to 2.6.0.9 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Cf E7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in Comfast CF-E7 firmware versions 2.6.0.9 and earlier allows remote authenticated attackers to execute arbitrary commands through the timestr parameter in the NTP timezone configuration function. Public exploit code exists for this vulnerability, and the vendor has not provided patches despite early notification. An attacker with valid credentials can achieve remote code execution with medium impact on confidentiality, integrity, and availability.

Command Injection Cf E7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

OpenClaw versions prior to 2026.2.15 fail to sanitize workspace directory paths before injecting them into LLM prompts, allowing local attackers with execution privileges to inject malicious instructions through control characters and Unicode markers in directory names. An attacker can exploit this prompt injection vulnerability to manipulate the AI assistant's behavior and execute unintended commands. A patch is available in version 2026.2.15 and later.

Command Injection AI / ML Openclaw
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary command execution in OpenClaw versions 2026.1.8 through 2026.2.13 allows attackers to execute shell commands when developers or CI systems run the update-clawtributors.ts maintenance script on repositories containing malicious commit metadata. The vulnerability stems from unsanitized interpolation of git author emails into shell commands via execSync, exploitable only by those with access to the development environment or source repository. Version 2026.2.14 patches the issue.

Node.js Github Command Injection +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in RustFly 2.0.0 via hex-encoded UDP instructions on port 5005. The remote UI control mechanism accepts and executes commands without validation.

Command Injection
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Command injection in systeminformation versions before 5.31.0 allows local attackers with user privileges to execute arbitrary system commands through unsanitized output parsing in the versions() function. Public exploit code exists for this vulnerability, which provides complete system compromise capabilities including information disclosure, modification, and denial of service. Upgrade to version 5.31.0 or later to remediate.

Node.js Command Injection Systeminformation
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Command injection in the systeminformation Node.js library (versions prior to 5.30.8) lets attackers run arbitrary OS commands on Linux hosts through the wifiNetworks() function. While the iface argument is sanitized on the first call, the setTimeout retry path (triggered when the initial scan returns no results) re-invokes getWifiNetworkListIw() with the original unsanitized value, which reaches execSync('iwlist <iface> scan'). Any application that forwards user-controlled input to si.wifiNetworks() can be coerced into executing commands with the Node.js process privileges; publicly available exploit code exists, though EPSS risk is low (0.08%, 24th percentile) and it is not on the CISA KEV list.

Node.js Command Injection Systeminformation
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Trivy Action versions 0.31.0 through 0.33.1 allow remote code execution on GitHub Actions runners due to insufficient input sanitization when constructing shell environment variable exports. An attacker with repository access can inject shell metacharacters through action inputs to achieve arbitrary command execution in the runner context. The vulnerability requires high privileges to exploit and is addressed in version 0.34.0.

Docker Github Command Injection +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated OS command injection in NesterSoft WorkTime via report generation API. Allows executing arbitrary commands.

Command Injection Worktime
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Command injection in SECCN Dingcheng G10 3.1.0.181203 router via session_login.cgi. PoC available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Unauthenticated remote attackers can achieve OS command injection through the delete_file parameter in Advantech WISE-6610's OpenVPN management interface (/cgi-bin/luci/admin/openvpn_apply), enabling arbitrary command execution with high privileges. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The attack requires high-level privileges but involves minimal complexity and poses significant risks to confidentiality, integrity, and availability.

Openvpn Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Saturn Remote Mouse Server on local networks is vulnerable to unauthenticated command injection through specially crafted UDP JSON packets sent to port 27000, enabling attackers to execute arbitrary code with service account privileges. Affected systems lack input validation on command parameters, allowing network-adjacent threat actors to achieve remote code execution without authentication. No patch is currently available for this high-severity vulnerability.

RCE Command Injection
NVD
EPSS 42% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. [CVSS 7.8 HIGH]

Privilege Escalation Command Injection Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A weakness has been identified in jishi node-sonos-http-ap versions up to 3776 is affected by command injection (CVSS 7.3).

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unauthenticated command injection in Dell SmartFabric OS10 versions before 10.5.6.12 allows high-privileged remote attackers to execute arbitrary commands on affected network devices. The vulnerability stems from improper sanitization of user-supplied input in command processing, requiring attacker knowledge of administrative credentials to trigger. A patch is available and administrators should prioritize updating affected systems given the severity of potential command execution impact.

Command Injection Smartfabric Os10
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Tenable Security Center is vulnerable to command injection that allows authenticated remote attackers to execute arbitrary code on the hosting server. With no patch currently available and an 8.8 CVSS score, this vulnerability poses a significant risk to organizations relying on this security platform for vulnerability management. Attackers with valid credentials can achieve full system compromise without user interaction.

Command Injection
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]

Command Injection RCE Datart
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Wl-Nu516U1 Firmware versions up to 20251208. contains a vulnerability that allows attackers to command injection (CVSS 7.2).

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

OS command injection in Kodbox up to version 1.64.05 allows remote authenticated attackers to execute arbitrary commands through the localFile parameter in the Media File Preview Plugin's VideoResize class. Public exploit code exists for this vulnerability, and the vendor has not provided patches or responded to disclosure efforts. The attack requires valid credentials but does not need user interaction and can fully compromise affected systems through command execution.

PHP Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW Monitor

Command injection in WAYOS FBM-220G 24.10.19 allows authenticated remote attackers to execute arbitrary commands by manipulating UPnP configuration parameters (upnp_waniface, upnp_ssdp_interval, upnp_max_age) in the rc file. No patch is currently available, and the vendor has not responded to disclosure attempts. This vulnerability carries a CVSS score of 6.3 with low complexity exploitation requirements.

Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 7.3
HIGH This Week

Remote command injection in yued-fe LuLu UI through version 3.0.0 allows unauthenticated attackers to execute arbitrary OS commands via the child_process.exec function in run.js. The vulnerability requires no user interaction and can be exploited over the network, potentially leading to complete system compromise. No patch is currently available from the vendor.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in Comfast CF-E4 2.6.0.1 firmware allows remote attackers with high privileges to execute arbitrary commands through the timestr parameter in the NTP timezone configuration endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. The attack requires network access and high-level authentication but carries a low CVSS score due to limited scope of impact.

Command Injection Cf E4 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in Comfast CF-N1 V2 2.6.0.2 firmware allows authenticated remote attackers to execute arbitrary commands via the channel parameter in the /cgi-bin/mbox-config endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. An attacker with valid credentials can achieve remote code execution with limited integrity and confidentiality impact.

Command Injection Cf N1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in Comfast CF-N1 V2 firmware version 2.6.0.2 allows authenticated remote attackers to execute arbitrary commands through the bandwidth parameter in the /cgi-bin/mbox-config endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Cf N1 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.5
MEDIUM This Month

Tosei Self-service Washing Machine 4.02 contains an unauthenticated command injection vulnerability in the adr_txt_1 parameter of /cgi-bin/tosei_datasend.php, allowing remote attackers to execute arbitrary commands with limited confidentiality, integrity, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

PHP Command Injection
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

The WL-WN579A3 wireless router firmware contains a command injection vulnerability in the AddMac function of /cgi-bin/wireless.cgi that allows authenticated remote attackers to execute arbitrary commands with medium impact on confidentiality, integrity, and availability. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. Affected systems running firmware versions up to 20210219 require immediate mitigation through network segmentation or device replacement.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Unauthenticated command injection in the wireless configuration interface of Wavlink WL-WN579A3 firmware allows remote attackers to execute arbitrary commands through the delete_list parameter. Public exploit code is available for this vulnerability, and no patch has been released by the vendor despite early notification. Affected devices can be compromised remotely to gain full system access with minimal authentication requirements.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in the Wavlink WL-WN579A3 wireless router firmware allows authenticated remote attackers to execute arbitrary commands through the delete_list parameter in the /cgi-bin/wireless.cgi endpoint. Public exploit code exists for this vulnerability, and no vendor patch is currently available. Affected devices running firmware versions up to 20210219 face risk of complete system compromise from authenticated network access.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Wl-Wn579A3 Firmware versions up to 20210219. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in Wavlink WL-WN579A3 firmware through the SSID2G2 parameter of /cgi-bin/wireless.cgi allows authenticated remote attackers to execute arbitrary commands with limited privileges. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The flaw affects confidentiality, integrity, and availability of affected devices.

Command Injection Wl Wn579a3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. [CVSS 7.4 HIGH]

Command Injection RCE Open Source Point Of Sale
NVD GitHub
EPSS 19% CVSS 8.8
HIGH KEV THREAT Act Now

FileZen contains an OS command injection vulnerability (CVE-2026-25108, CVSS 8.8) that allows authenticated users to execute arbitrary commands when the Antivirus Check Option is enabled. KEV-listed with EPSS 18.6%, this vulnerability in the Japanese file-sharing appliance has been actively exploited in campaigns targeting organizations in Japan and Asia-Pacific.

Command Injection Filezen
NVD
EPSS 1% CVSS 9.9
CRITICAL POC PATCH Act Now

Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%.

Linux RCE Command Injection +1
NVD GitHub
Prev Page 15 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy