Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2026-1723 This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

Command Injection
NVD GitHub
EPSS
0.5%
CVE-2025-24293 Ruby CRITICAL PATCH Act Now

Command injection in Ruby on Rails Active Storage allows attackers to abuse a permissive default allow-list of image transformation methods, escaping the framework's safe-transformation guardrails when an application forwards untrusted input as the transformation method or its parameters. Three methods on the default allow-list can be used to circumvent the safe defaults and reach the underlying ImageMagick processor, enabling OS command injection (CVSS 4.0 9.2). No public exploit has been identified at time of analysis, and EPSS is low at 0.22% (44th percentile), but a vendor patch is available and the issue is RCE-class.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-1690 LOW POC Monitor

Command injection in Tenda HG10 firmware allows remote attackers with high privileges to execute arbitrary system commands via the sysCmd parameter in /boaform/formSysCmd. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can exploit this to achieve limited unauthorized access and potential system compromise.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.9%
CVE-2026-1689 MEDIUM POC This Month

Command injection in Tenda HG10 firmware's login interface allows unauthenticated remote attackers to execute arbitrary commands by manipulating the Host parameter in the checkUserFromLanOrWan function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can fully compromise affected devices through remote code execution.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
4.5%
CVE-2026-1687 MEDIUM POC This Month

Hg10 Firmware versions up to - contains a vulnerability that allows attackers to command injection (CVSS 7.3).

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
5.3%
CVE-2026-22623 HIGH This Week

Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. No patch is currently available for this vulnerability.

Command Injection RCE
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-26385 Monitor

LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 versions up to 14.1 is affected by command injection.

Command Injection
NVD
EPSS
0.2%
CVE-2026-22277 HIGH This Week

Dell UnityVSA versions 5.4 and prior allow local attackers with low privileges to achieve arbitrary command execution with root-level access through OS command injection. This vulnerability requires local access and no user interaction, enabling attackers to completely compromise affected systems. No patch is currently available.

Command Injection Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21418 HIGH This Week

Dell Unity versions 5.5.2 and earlier suffer from an OS command injection vulnerability that allows local attackers with low privileges to execute arbitrary commands with root-level access. The flaw stems from improper input validation in command processing, enabling privilege escalation on affected systems. No patch is currently available for this vulnerability.

Command Injection Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1638 LOW Monitor

Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-1665 This Week

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path).

Docker Command Injection
NVD GitHub
EPSS
0.0%
CVE-2026-25063 HIGH PATCH This Week

Arbitrary code execution in gradle-completion versions up to 9.3.0 occurs when users perform Bash tab completion in directories with malicious Gradle build files, as the script fails to sanitize task names and descriptions. A local attacker can inject shell commands through backticks in task descriptions, which are executed automatically during completion without requiring the user to run any Gradle tasks. The vulnerability affects developers using Gradle with bash completion enabled.

Command Injection Gradle Completion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-25046 LOW Monitor

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. [CVSS 2.9 LOW]

Command Injection RCE
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-24905 Go MEDIUM POC PATCH GHSA This Month

Inspektor Gadget versions prior to 0.48.1 allow local attackers with limited privileges to execute arbitrary commands during custom gadget image builds due to insufficient input sanitization in Makefile generation. An attacker who can control buildOptions parameters can inject shell commands that execute with the privileges of the build process. Public exploit code exists for this vulnerability.

Kubernetes Command Injection
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2026-1625 LOW Monitor

Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1624 LOW Monitor

Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1623 LOW POC Monitor

Command injection in Totolik A7000R firmware through the setUpgradeFW function allows unauthenticated remote attackers to execute arbitrary commands via a malicious FileName parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The device remains vulnerable as no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
2.1%
CVE-2026-1601 LOW POC Monitor

A7000R Firmware versions up to 4.1cu.4154 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
8.3%
CVE-2026-1596 LOW Monitor

Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2020-37002 HIGH POC This Week

Authentication bypass leading to command execution in Ajenti 2.1.36. Despite requiring login, the authentication can be bypassed for subsequent command execution. EPSS 0.64% with PoC available.

Authentication Bypass Command Injection
NVD GitHub Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-23571 MEDIUM This Month

TeamViewer DEX versions below 24.5 allow authenticated users with actioner privileges to execute arbitrary elevated commands on connected hosts through inadequate input validation in the 1E-Nomad-RunPkgStatusRequest instruction. An attacker with these credentials could inject malicious commands to gain unauthorized system access and control. The vulnerability requires user interaction and high-level privileges but carries a significant risk due to the potential for complete system compromise.

Command Injection Digital Employee Experience
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-1548 LOW POC Monitor

Command injection in Totolik A7000R firmware (version 4.1cu.4154) via the CloudACManualUpdateUserdata function allows authenticated remote attackers to execute arbitrary commands through a crafted url parameter. Public exploit code exists for this vulnerability and no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-1547 LOW POC Monitor

Command injection in Totolik A7000R firmware allows authenticated remote attackers to execute arbitrary commands through the plugin_name parameter in the setUnloadUserData function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-1544 LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2022-40619 HIGH POC This Week

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH]

Netgear Command Injection R7000 Firmware Xr300 Firmware R6230 Firmware +7
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2025-57283 npm HIGH PATCH This Week

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]

Node.js Command Injection Browserstack Local Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-1506 HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-1505 HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2026-24841 CRITICAL POC PATCH Act Now

Dokploy self-hosted PaaS prior to 0.26.6 has a critical command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands on the host.

Docker Command Injection Dokploy
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-1448 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-14756 HIGH This Week

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. [CVSS 8.8 HIGH]

TP-Link Command Injection Archer Mr600 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2016-15057 Maven CRITICAL POC THREAT Emergency

Command injection in Apache Continuum (unsupported). EPSS 37.9% indicates active exploitation of this legacy CI/CD system. No patch available — product is end-of-life.

Apache Command Injection Continuum
NVD
CVSS 3.1
9.9
EPSS
37.9%
Threat
4.6
CVE-2026-1428 HIGH This Week

WellChoose's Single Sign-On Portal System contains an OS command injection vulnerability that allows authenticated users to execute arbitrary commands on the affected server. Attackers with valid credentials can exploit this flaw to achieve remote code execution with full system privileges. No patch is currently available for this high-severity vulnerability.

Command Injection Single Sign On Portal System
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1427 HIGH POC This Week

The WellChoose Single Sign-On Portal System contains an OS command injection vulnerability that allows authenticated users to execute arbitrary commands on the affected server. An attacker with valid credentials can bypass input validation to inject malicious OS commands, achieving full system compromise with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Command Injection Single Sign On Portal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1419 LOW POC Monitor

Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).

D-Link Command Injection
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-1414 LOW POC Monitor

Operation And Maintenance Security Management System versions up to 3.0.12. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1413 LOW Monitor

Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 6.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1412 MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 7.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-67264 HIGH POC This Week

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 [CVSS 7.8 HIGH]

Command Injection Note59 Pro Firmware Note59 Firmware RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24423 CRITICAL POC KEV THREAT Emergency

SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise.

RCE Command Injection Smartermail
NVD
CVSS 3.1
9.8
EPSS
29.3%
Threat
5.8
CVE-2021-47903 HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-0796 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but provides complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available for this issue.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0795 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices via command injection in the web UI allows authenticated attackers to execute arbitrary system commands due to insufficient input validation. An attacker with valid credentials can inject malicious commands through user-supplied parameters to gain code execution on the affected device. No patch is currently available for this vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0787 CRITICAL Act Now

ALGO 8180 IP Audio Alerter has a command injection in the SAC interface (EPSS 0.68%) allowing remote code execution on the emergency notification device.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-0786 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware results from insufficient input validation in the SCI module, allowing authenticated attackers to inject arbitrary commands and execute code with device privileges. The vulnerability affects Golang-based implementations and carries a high CVSS score of 8.8, with no patch currently available. Exploitation requires valid credentials but poses significant risk to networked audio alerting infrastructure.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-0785 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the API interface allows authenticated attackers to execute arbitrary system commands on affected devices due to insufficient input validation. The vulnerability has a high CVSS score of 8.8 and currently lacks a patch. With an EPSS score of 0.8%, exploitation is possible but not yet widely observed in the wild.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-0784 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on vulnerable devices due to insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input to compromise the device and execute code with device privileges. No patch is currently available for this vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0783 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices through insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input parameters to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0782 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. A patch is not currently available for this high-severity flaw affecting Golang-based firmware.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0781 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. An attacker with valid credentials can exploit this vulnerability to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability (CVSS 8.8).

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0780 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware through command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but enables complete device compromise once authenticated. No patch is currently available for this high-severity flaw affecting the Golang-based firmware.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0779 HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web interface allows authenticated attackers to execute arbitrary code on affected devices through insufficient input validation. The vulnerability requires valid credentials but no user interaction to exploit, presenting significant risk to networked audio alerting systems. No patch is currently available.

Golang RCE Command Injection 8180 Ip Audio Alerter Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0766 HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0765 HIGH This Week

Remote code execution in Open WebUI's install_frontmatter_requirements function allows authenticated attackers to execute arbitrary commands on the host system by bypassing input validation in system call parameters. The vulnerability affects AI/ML deployments using Open WebUI and requires valid authentication credentials to exploit. No patch is currently available.

RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0759 CRITICAL Act Now

Katana Network Development Starter Kit has a command injection in executeCommand enabling remote code execution through the development framework.

RCE Command Injection AI / ML
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-0758 HIGH This Week

mcp-server-siri-shortcuts fails to validate the shortcutName parameter before using it in system calls, enabling local attackers with low-privileged code execution to inject arbitrary commands and escalate to service account privileges. This command injection vulnerability (CVE-2026-0758, CVSS 7.8) affects the AI/ML tool and currently lacks a patch. An attacker exploiting this flaw can execute arbitrary code with elevated privileges on the affected system.

Privilege Escalation Command Injection AI / ML
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2026-0757 HIGH This Week

MCP Manager for Claude Desktop is vulnerable to command injection through improperly validated MCP config objects, enabling remote attackers to escape the sandbox and execute arbitrary code on affected systems. The vulnerability requires user interaction such as visiting a malicious page or opening a malicious file, and currently lacks an available patch. An attacker can leverage this flaw to achieve code execution with medium integrity privileges in the context of the running process.

Command Injection AI / ML
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2026-0756 CRITICAL Act Now

github-kanban-mcp-server has a command injection in execAsync (EPSS 1.0%) enabling remote code execution on developer machines using the GitHub Kanban MCP integration.

Github RCE Command Injection AI / ML
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2026-0755 npm CRITICAL POC PATCH GHSA Act Now

gemini-mcp-tool has a command injection in execAsync allowing remote code execution on systems using the Gemini AI MCP integration.

RCE Command Injection AI / ML
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2025-15063 CRITICAL Act Now

Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.

RCE Command Injection AI / ML Ollama
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2025-15061 npm CRITICAL PATCH Act Now

Framelink Figma MCP Server has a command injection vulnerability in fetchWithRetry (EPSS 1.4%) enabling remote code execution on developer machines using the MCP integration.

RCE Command Injection AI / ML
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2026-24132 npm CRITICAL PATCH Act Now

Orval TypeScript code generator versions 7.19+ have a command injection vulnerability allowing RCE through malicious OpenAPI specifications during code generation.

Command Injection Orval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-21520 HIGH PATCH This Week

Unauthenticated attackers can remotely access sensitive information in Microsoft Copilot Studio due to improper access controls, requiring no authentication or user interaction. This network-based vulnerability exposes confidential data to unauthorized disclosure with no patch currently available.

Command Injection AI / ML Copilot Studio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56590 CRITICAL POC Act Now

Apryse HTML2PDF SDK through version 11.10 has a command injection vulnerability in the InsertFromURL function allowing remote code execution when converting HTML to PDF.

Command Injection Html2pdf
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1327 LOW POC Monitor

Totolik NR1800X firmware versions up to 9.1.0u.6279_B20210910 contain a command injection vulnerability in the setTracerouteCfg function that allows authenticated remote attackers to execute arbitrary commands via malicious POST requests. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this to achieve remote code execution on affected network devices.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-1326 LOW POC Monitor

Command injection in Totolik NR1800X firmware allows authenticated remote attackers to execute arbitrary commands through the Hostname parameter in the setWanCfg POST handler. Public exploit code exists for this vulnerability, creating elevated risk despite no patch availability. Affected devices can be compromised to gain full system control with network access and valid credentials.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-1324 HIGH POC This Week

Operation And Maintenance Security Management System versions up to 3.0.12. is affected by command injection (CVSS 8.8).

SSH Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-23699 HIGH This Week

Unauthenticated attackers can execute arbitrary OS commands on AP180 series devices running firmware versions before AP_RGOS 11.9(4)B1P8 through a command injection vulnerability. This allows complete system compromise including data theft, modification, and availability disruption. No patch is currently available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.3%
CVE-2026-0933 npm CRITICAL PATCH Act Now

Cloudflare Wrangler CLI has a CVSS 9.9 command injection vulnerability in the 'wrangler pages deploy' command that allows arbitrary code execution during deployment.

Command Injection Wrangler Cloudflare
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-15367 PATCH Monitor

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection
NVD GitHub VulDB
EPSS
0.1%
CVE-2025-15366 MEDIUM PATCH This Month

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-55423 CRITICAL POC Act Now

Multiple ipTIME router models have a command injection vulnerability in the upnp_relay() function, allowing remote attackers to execute arbitrary OS commands through crafted UPnP requests.

Command Injection A104 Firmware A604mu Firmware Ax2004 Firmware N2plus I Firmware +159
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-33230 HIGH PATCH This Week

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. [CVSS 7.3 HIGH]

Linux Denial Of Service Privilege Escalation Command Injection Information Disclosure +2
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-33228 HIGH PATCH This Week

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. [CVSS 7.3 HIGH]

Denial Of Service Privilege Escalation Command Injection Information Disclosure Cuda Toolkit +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-22844 CRITICAL Act Now

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing meeting participants to execute OS commands on the router.

Zoom RCE Command Injection
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-23947 npm CRITICAL PATCH Act Now

Orval, a TypeScript API client generator, has a command injection vulnerability that allows code execution through malicious OpenAPI specifications.

Command Injection RCE Orval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1192 MEDIUM POC This Month

Online Store Management System versions up to 1.01 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

PHP Command Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
2.5%
CVE-2026-1150 LOW POC Monitor

Command injection in Totolik LR350 firmware through the setTracerouteCfg function allows authenticated remote attackers to execute arbitrary system commands via a malicious POST request to /cgi-bin/cstecgi.cgi. Public exploit code is available and the vulnerability remains unpatched, creating immediate risk for deployed devices. An attacker with network access and valid credentials can achieve code execution with full device compromise potential.

Command Injection Lr350 Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-1149 LOW POC Monitor

Command injection in Totolink LR350 firmware allows authenticated remote attackers to execute arbitrary commands through the ip parameter in the setDiagnosisCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict access to the affected device until a fix is released.

Command Injection Lr350 Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
2.7%
CVE-2026-1125 MEDIUM POC This Month

Dir-823X Firmware versions up to 250126 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.8%
CVE-2026-1066 LOW Monitor

Kodbox versions up to 1.61.10 contain a command injection vulnerability in the compression handler component that allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Kodbox
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-1064 LOW Monitor

Bastillion up to version 4.0.1 contains a command injection vulnerability in the System Management Module that allows remote attackers with high privileges to execute arbitrary commands. Public exploit code exists for this vulnerability, and the vendor has not provided a patch. The impact is limited to low-level confidentiality, integrity, and availability compromise.

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2026-1063 LOW Monitor

Command injection in Bastillion's public key management system (versions up to 4.0.1) allows remote attackers with high privileges to execute arbitrary commands through the AuthKeysKtrl.java component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The attack requires network access and high-level authentication but carries minimal complexity once access is obtained.

Java Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2021-47816 HIGH POC This Week

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20759 HIGH This Week

Authenticated command injection in TOA Corporation TRIFORA 3 series network cameras allows low-privilege monitoring users to execute arbitrary OS commands on affected devices. The vulnerability requires valid credentials but no user interaction, making it exploitable by insiders or accounts obtained through credential compromise. No patch is currently available for this high-severity flaw affecting network infrastructure.

Command Injection
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-60021 CRITICAL Act Now

Apache bRPC versions before 1.15.0 contain a remote command injection vulnerability in the heap profiler built-in service, allowing attackers to execute arbitrary OS commands.

Apache Github Command Injection Brpc
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0975 HIGH This Week

Delta Electronics DIAView has Command Injection vulnerability. [CVSS 7.8 HIGH]

Industrial Command Injection Diaview
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23520 Go CRITICAL POC PATCH Act Now

Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. PoC available.

Docker Command Injection Arcane Suse
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-22265 HIGH POC PATCH This Week

Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later.

Apache Nginx Command Injection Roxy Wi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-62193 CRITICAL Act Now

NOAA PMEL Live Access Server (LAS) has unauthenticated RCE through PyFerret SPAWN commands embedded in requests. Scientific data servers running LAS are vulnerable to complete compromise.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
EPSS 1%
This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

Command Injection
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Command injection in Ruby on Rails Active Storage allows attackers to abuse a permissive default allow-list of image transformation methods, escaping the framework's safe-transformation guardrails when an application forwards untrusted input as the transformation method or its parameters. Three methods on the default allow-list can be used to circumvent the safe defaults and reach the underlying ImageMagick processor, enabling OS command injection (CVSS 4.0 9.2). No public exploit has been identified at time of analysis, and EPSS is low at 0.22% (44th percentile), but a vendor patch is available and the issue is RCE-class.

PHP Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 2.0
LOW POC Monitor

Command injection in Tenda HG10 firmware allows remote attackers with high privileges to execute arbitrary system commands via the sysCmd parameter in /boaform/formSysCmd. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can exploit this to achieve limited unauthorized access and potential system compromise.

Command Injection Tenda
NVD GitHub VulDB
EPSS 5% CVSS 5.5
MEDIUM POC This Month

Command injection in Tenda HG10 firmware's login interface allows unauthenticated remote attackers to execute arbitrary commands by manipulating the Host parameter in the checkUserFromLanOrWan function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can fully compromise affected devices through remote code execution.

Command Injection Tenda
NVD GitHub VulDB
EPSS 5% CVSS 5.5
MEDIUM POC This Month

Hg10 Firmware versions up to - contains a vulnerability that allows attackers to command injection (CVSS 7.3).

Command Injection Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection in HIKSEMI NAS devices allows privileged users to execute arbitrary commands through improper input validation on the device interface. Attackers with valid credentials can craft malicious messages to achieve unauthenticated code execution on affected systems. No patch is currently available for this vulnerability.

Command Injection RCE
NVD
EPSS 0%
Monitor

LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 versions up to 14.1 is affected by command injection.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell UnityVSA versions 5.4 and prior allow local attackers with low privileges to achieve arbitrary command execution with root-level access through OS command injection. This vulnerability requires local access and no user interaction, enabling attackers to completely compromise affected systems. No patch is currently available.

Command Injection Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity versions 5.5.2 and earlier suffer from an OS command injection vulnerability that allows local attackers with low privileges to execute arbitrary commands with root-level access. The flaw stems from improper input validation in command processing, enabling privilege escalation on affected systems. No patch is currently available for this vulnerability.

Command Injection Unity Operating Environment
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Command Injection Tenda
NVD GitHub VulDB
EPSS 0%
This Week

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path).

Docker Command Injection
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in gradle-completion versions up to 9.3.0 occurs when users perform Bash tab completion in directories with malicious Gradle build files, as the script fails to sanitize task names and descriptions. A local attacker can inject shell commands through backticks in task descriptions, which are executed automatically during completion without requiring the user to run any Gradle tasks. The vulnerability affects developers using Gradle with bash completion enabled.

Command Injection Gradle Completion
NVD GitHub
EPSS 0% CVSS 2.9
LOW Monitor

Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. [CVSS 2.9 LOW]

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM POC PATCH This Month

Inspektor Gadget versions prior to 0.48.1 allow local attackers with limited privileges to execute arbitrary commands during custom gadget image builds due to insufficient input sanitization in Makefile generation. An attacker who can control buildOptions parameters can inject shell commands that execute with the privileges of the build process. Public exploit code exists for this vulnerability.

Kubernetes Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link DWR-M961 firmware version 1.1.47 allows authenticated remote attackers to execute arbitrary commands via manipulation of the action_value parameter in the SMS message handling function. The vulnerability requires valid credentials but no user interaction, and public exploit code is available. Affected systems can suffer unauthorized command execution, data theft, and potential device compromise.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link DWR-M961 firmware through the /boafrm/formLtefotaUpgradeFibocom endpoint allows authenticated remote attackers to execute arbitrary commands by manipulating the fota_url parameter. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 2.1
LOW POC Monitor

Command injection in Totolik A7000R firmware through the setUpgradeFW function allows unauthenticated remote attackers to execute arbitrary commands via a malicious FileName parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The device remains vulnerable as no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 8% CVSS 2.1
LOW POC Monitor

A7000R Firmware versions up to 4.1cu.4154 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in D-Link DWR-M961 firmware (version 1.1.47) allows unauthenticated remote attackers to execute arbitrary commands through the fota_url parameter in the LTE firmware upgrade function. Public exploit code exists for this vulnerability, which requires low privileges but no user interaction to exploit. No patch is currently available for affected devices.

D-Link Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

Authentication bypass leading to command execution in Ajenti 2.1.36. Despite requiring login, the authentication can be bypassed for subsequent command execution. EPSS 0.64% with PoC available.

Authentication Bypass Command Injection
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

TeamViewer DEX versions below 24.5 allow authenticated users with actioner privileges to execute arbitrary elevated commands on connected hosts through inadequate input validation in the 1E-Nomad-RunPkgStatusRequest instruction. An attacker with these credentials could inject malicious commands to gain unauthorized system access and control. The vulnerability requires user interaction and high-level privileges but carries a significant risk due to the potential for complete system compromise.

Command Injection Digital Employee Experience
NVD
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Totolik A7000R firmware (version 4.1cu.4154) via the CloudACManualUpdateUserdata function allows authenticated remote attackers to execute arbitrary commands through a crafted url parameter. Public exploit code exists for this vulnerability and no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Totolik A7000R firmware allows authenticated remote attackers to execute arbitrary commands through the plugin_name parameter in the setUnloadUserData function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

D-Link DIR-823X routers are vulnerable to remote command injection through the lan_gateway parameter in the /goform/set_mode function, allowing authenticated attackers to execute arbitrary OS commands. Public exploit code is available for this vulnerability, and affected devices are no longer receiving security updates from the vendor. The attack requires network access and valid credentials but has a low CVSS score of 6.3 due to limited impact scope.

D-Link Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 7.7
HIGH POC This Week

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH]

Netgear Command Injection R7000 Firmware +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. [CVSS 7.8 HIGH]

Node.js Command Injection Browserstack Local +2
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

Dokploy self-hosted PaaS prior to 0.26.6 has a critical command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands on the host.

Docker Command Injection Dokploy
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. [CVSS 8.8 HIGH]

TP-Link Command Injection Archer Mr600 Firmware
NVD
EPSS 38% 4.6 CVSS 9.9
CRITICAL POC THREAT Emergency

Command injection in Apache Continuum (unsupported). EPSS 37.9% indicates active exploitation of this legacy CI/CD system. No patch available — product is end-of-life.

Apache Command Injection Continuum
NVD
EPSS 0% CVSS 8.8
HIGH This Week

WellChoose's Single Sign-On Portal System contains an OS command injection vulnerability that allows authenticated users to execute arbitrary commands on the affected server. Attackers with valid credentials can exploit this flaw to achieve remote code execution with full system privileges. No patch is currently available for this high-severity vulnerability.

Command Injection Single Sign On Portal System
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

The WellChoose Single Sign-On Portal System contains an OS command injection vulnerability that allows authenticated users to execute arbitrary commands on the affected server. An attacker with valid credentials can bypass input validation to inject malicious OS commands, achieving full system compromise with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Command Injection Single Sign On Portal System
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).

D-Link Command Injection
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Operation And Maintenance Security Management System versions up to 3.0.12. contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 6.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 7.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710 [CVSS 7.8 HIGH]

Command Injection Note59 Pro Firmware Note59 Firmware +1
NVD GitHub
EPSS 29% 5.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthenticated remote code execution flaw in the ConnectToHub API method. An attacker can redirect the SmarterMail server to connect to a malicious HTTP endpoint that serves OS commands for execution. KEV-listed with EPSS 29%, this is chainable with CVE-2026-23760 for complete server compromise.

RCE Command Injection Smartermail
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but provides complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available for this issue.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices via command injection in the web UI allows authenticated attackers to execute arbitrary system commands due to insufficient input validation. An attacker with valid credentials can inject malicious commands through user-supplied parameters to gain code execution on the affected device. No patch is currently available for this vulnerability.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ALGO 8180 IP Audio Alerter has a command injection in the SAC interface (EPSS 0.68%) allowing remote code execution on the emergency notification device.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware results from insufficient input validation in the SCI module, allowing authenticated attackers to inject arbitrary commands and execute code with device privileges. The vulnerability affects Golang-based implementations and carries a high CVSS score of 8.8, with no patch currently available. Exploitation requires valid credentials but poses significant risk to networked audio alerting infrastructure.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the API interface allows authenticated attackers to execute arbitrary system commands on affected devices due to insufficient input validation. The vulnerability has a high CVSS score of 8.8 and currently lacks a patch. With an EPSS score of 0.8%, exploitation is possible but not yet widely observed in the wild.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on vulnerable devices due to insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input to compromise the device and execute code with device privileges. No patch is currently available for this vulnerability.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices through insufficient input validation. An attacker with valid credentials can inject malicious commands through unsanitized user input parameters to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter devices through command injection in the web management interface allows authenticated attackers to execute arbitrary commands with device privileges. The vulnerability stems from insufficient input validation of user-supplied parameters passed to system calls. A patch is not currently available for this high-severity flaw affecting Golang-based firmware.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. An attacker with valid credentials can exploit this vulnerability to achieve code execution in the device context. No patch is currently available for this high-severity vulnerability (CVSS 8.8).

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware through command injection in the web UI allows authenticated attackers to execute arbitrary commands on affected devices due to insufficient input validation. The vulnerability requires valid credentials to exploit but enables complete device compromise once authenticated. No patch is currently available for this high-severity flaw affecting the Golang-based firmware.

Golang RCE Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in ALGO 8180 IP Audio Alerter firmware via command injection in the web interface allows authenticated attackers to execute arbitrary code on affected devices through insufficient input validation. The vulnerability requires valid credentials but no user interaction to exploit, presenting significant risk to networked audio alerting systems. No patch is currently available.

Golang RCE Command Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Open WebUI's install_frontmatter_requirements function allows authenticated attackers to execute arbitrary commands on the host system by bypassing input validation in system call parameters. The vulnerability affects AI/ML deployments using Open WebUI and requires valid authentication credentials to exploit. No patch is currently available.

RCE Command Injection AI / ML +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Katana Network Development Starter Kit has a command injection in executeCommand enabling remote code execution through the development framework.

RCE Command Injection AI / ML
NVD
EPSS 0% CVSS 7.8
HIGH This Week

mcp-server-siri-shortcuts fails to validate the shortcutName parameter before using it in system calls, enabling local attackers with low-privileged code execution to inject arbitrary commands and escalate to service account privileges. This command injection vulnerability (CVE-2026-0758, CVSS 7.8) affects the AI/ML tool and currently lacks a patch. An attacker exploiting this flaw can execute arbitrary code with elevated privileges on the affected system.

Privilege Escalation Command Injection AI / ML
NVD
EPSS 0% CVSS 8.8
HIGH This Week

MCP Manager for Claude Desktop is vulnerable to command injection through improperly validated MCP config objects, enabling remote attackers to escape the sandbox and execute arbitrary code on affected systems. The vulnerability requires user interaction such as visiting a malicious page or opening a malicious file, and currently lacks an available patch. An attacker can leverage this flaw to achieve code execution with medium integrity privileges in the context of the running process.

Command Injection AI / ML
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

github-kanban-mcp-server has a command injection in execAsync (EPSS 1.0%) enabling remote code execution on developer machines using the GitHub Kanban MCP integration.

Github RCE Command Injection +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

gemini-mcp-tool has a command injection in execAsync allowing remote code execution on systems using the Gemini AI MCP integration.

RCE Command Injection AI / ML
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.

RCE Command Injection AI / ML +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Framelink Figma MCP Server has a command injection vulnerability in fetchWithRetry (EPSS 1.4%) enabling remote code execution on developer machines using the MCP integration.

RCE Command Injection AI / ML
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Orval TypeScript code generator versions 7.19+ have a command injection vulnerability allowing RCE through malicious OpenAPI specifications during code generation.

Command Injection Orval
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated attackers can remotely access sensitive information in Microsoft Copilot Studio due to improper access controls, requiring no authentication or user interaction. This network-based vulnerability exposes confidential data to unauthorized disclosure with no patch currently available.

Command Injection AI / ML Copilot Studio
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Apryse HTML2PDF SDK through version 11.10 has a command injection vulnerability in the InsertFromURL function allowing remote code execution when converting HTML to PDF.

Command Injection Html2pdf
NVD
EPSS 1% CVSS 2.1
LOW POC Monitor

Totolik NR1800X firmware versions up to 9.1.0u.6279_B20210910 contain a command injection vulnerability in the setTracerouteCfg function that allows authenticated remote attackers to execute arbitrary commands via malicious POST requests. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this to achieve remote code execution on affected network devices.

Command Injection Nr1800x Firmware
NVD VulDB
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in Totolik NR1800X firmware allows authenticated remote attackers to execute arbitrary commands through the Hostname parameter in the setWanCfg POST handler. Public exploit code exists for this vulnerability, creating elevated risk despite no patch availability. Affected devices can be compromised to gain full system control with network access and valid credentials.

Command Injection Nr1800x Firmware
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Operation And Maintenance Security Management System versions up to 3.0.12. is affected by command injection (CVSS 8.8).

SSH Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Unauthenticated attackers can execute arbitrary OS commands on AP180 series devices running firmware versions before AP_RGOS 11.9(4)B1P8 through a command injection vulnerability. This allows complete system compromise including data theft, modification, and availability disruption. No patch is currently available.

Command Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Cloudflare Wrangler CLI has a CVSS 9.9 command injection vulnerability in the 'wrangler pages deploy' command that allows arbitrary code execution during deployment.

Command Injection Wrangler Cloudflare
NVD GitHub
EPSS 0%
PATCH Monitor

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection Red Hat Suse
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple ipTIME router models have a command injection vulnerability in the upnp_relay() function, allowing remote attackers to execute arbitrary OS commands through crafted UPnP requests.

Command Injection A104 Firmware A604mu Firmware +161
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. [CVSS 7.3 HIGH]

Linux Denial Of Service Privilege Escalation +4
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. [CVSS 7.3 HIGH]

Denial Of Service Privilege Escalation Command Injection +3
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing meeting participants to execute OS commands on the router.

Zoom RCE Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Orval, a TypeScript API client generator, has a command injection vulnerability that allows code execution through malicious OpenAPI specifications.

Command Injection RCE Orval
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Online Store Management System versions up to 1.01 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

PHP Command Injection
NVD VulDB
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in Totolik LR350 firmware through the setTracerouteCfg function allows authenticated remote attackers to execute arbitrary system commands via a malicious POST request to /cgi-bin/cstecgi.cgi. Public exploit code is available and the vulnerability remains unpatched, creating immediate risk for deployed devices. An attacker with network access and valid credentials can achieve code execution with full device compromise potential.

Command Injection Lr350 Firmware
NVD VulDB
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in Totolink LR350 firmware allows authenticated remote attackers to execute arbitrary commands through the ip parameter in the setDiagnosisCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict access to the affected device until a fix is released.

Command Injection Lr350 Firmware
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Dir-823X Firmware versions up to 250126 contains a vulnerability that allows attackers to command injection (CVSS 7.3).

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Kodbox versions up to 1.61.10 contain a command injection vulnerability in the compression handler component that allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Command Injection Kodbox
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

Bastillion up to version 4.0.1 contains a command injection vulnerability in the System Management Module that allows remote attackers with high privileges to execute arbitrary commands. Public exploit code exists for this vulnerability, and the vendor has not provided a patch. The impact is limited to low-level confidentiality, integrity, and availability compromise.

Java Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

Command injection in Bastillion's public key management system (versions up to 4.0.1) allows remote attackers with high privileges to execute arbitrary commands through the AuthKeysKtrl.java component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The attack requires network access and high-level authentication but carries minimal complexity once access is obtained.

Java Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated command injection in TOA Corporation TRIFORA 3 series network cameras allows low-privilege monitoring users to execute arbitrary OS commands on affected devices. The vulnerability requires valid credentials but no user interaction, making it exploitable by insiders or accounts obtained through credential compromise. No patch is currently available for this high-severity flaw affecting network infrastructure.

Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Apache bRPC versions before 1.15.0 contain a remote command injection vulnerability in the heap profiler built-in service, allowing attackers to execute arbitrary OS commands.

Apache Github Command Injection +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Delta Electronics DIAView has Command Injection vulnerability. [CVSS 7.8 HIGH]

Industrial Command Injection Diaview
NVD
EPSS 0% CVSS 9.0
CRITICAL POC PATCH Act Now

Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. PoC available.

Docker Command Injection Arcane +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later.

Apache Nginx Command Injection +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

NOAA PMEL Live Access Server (LAS) has unauthenticated RCE through PyFerret SPAWN commands embedded in requests. Scientific data servers running LAS are vulnerable to complete compromise.

RCE Command Injection
NVD GitHub
Prev Page 17 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy