Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2025-33206 HIGH PATCH This Week

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service. [CVSS 7.8 HIGH]

Linux Industrial Denial Of Service Privilege Escalation Command Injection +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22718 MEDIUM This Month

Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arbitrary commands on their machine through unsanitized input. An attacker with local access could exploit this to compromise the affected system, though no patch is currently available.

Spring Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2023-54339 CRITICAL POC Act Now

Webgrind 1.1 has unauthenticated command injection via the dataFile parameter in index.php. The profiling tool executes OS commands directly from URL parameters. PoC available.

PHP Command Injection Webgrind
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-50909 HIGH POC This Week

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. [CVSS 8.8 HIGH]

Golang RCE Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-37176 MEDIUM This Month

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. [CVSS 6.5 MEDIUM]

Command Injection Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37172 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37171 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-37170 HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-21267 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier via OS command injection allows attackers to execute arbitrary commands on affected systems when a victim opens a malicious file. The vulnerability requires local access and user interaction but impacts all confidentiality, integrity, and availability of the system. No patch is currently available.

Command Injection Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-64155 CRITICAL POC Act Now

Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available.

Fortinet Command Injection Fortisiem
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0406 HIGH PATCH This Week

NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available.

Netgear Command Injection Xr1000v2 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0404 HIGH PATCH This Week

Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw.

Netgear Command Injection Rbs860 Firmware Rbr850 Firmware Rbse950 Firmware +9
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-0403 HIGH PATCH This Week

NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions.

Netgear Command Injection Rbs850 Firmware Rbe970 Firmware Rbs750 Firmware +7
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-22755 Monitor

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.

Command Injection
NVD
EPSS
0.9%
CVE-2025-13447 HIGH This Week

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters [CVSS 8.4 HIGH]

RCE Command Injection Multi Tenant Hypervisor Loadmaster Moveit Waf +1
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-13444 HIGH This Week

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters [CVSS 8.4 HIGH]

RCE Command Injection Ecs Connection Manager Moveit Waf Connection Manager For Objectscale +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0507 HIGH This Week

SAP Application Server for ABAP and NetWeaver RFCSDK contain an OS command injection vulnerability that allows authenticated administrators with adjacent network access to execute arbitrary system commands by uploading malicious content. Successful exploitation results in complete system compromise affecting confidentiality, integrity, and availability. No patch is currently available.

SAP Command Injection
NVD
CVSS 3.1
8.4
EPSS
1.4%
CVE-2026-0500 CRITICAL PATCH Act Now

SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available.

SAP Java Command Injection Introscope Enterprise Manager
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-0498 CRITICAL PATCH Act Now

SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available.

SAP Command Injection
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-0491 CRITICAL Act Now

SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise.

SAP Command Injection
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-22785 npm CRITICAL POC PATCH Act Now

orval (TypeScript API client generator) before 7.18.0 has code injection via OpenAPI specification summary fields in MCP server generation. Malicious API specs can inject arbitrary code into generated TypeScript. PoC available, patch available.

Command Injection RCE Orval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22781 CRITICAL PATCH Act Now

TinyWeb HTTP Server before 1.98 has OS command injection via CGI ISINDEX query parameters. The query string is passed as command-line arguments to CGI executables through Windows CreateProcess(), allowing unauthenticated RCE. Patch available.

Windows Command Injection Tinyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-0855 HIGH This Week

Merit LILIN IP Camera models contain an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands on affected devices with high privileges. The vulnerability requires valid credentials but no user interaction, enabling complete compromise of device confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0854 HIGH This Week

Merit LILIN DVR/NVR devices allow authenticated remote attackers to execute arbitrary operating system commands through command injection, enabling complete system compromise. An attacker with valid credentials can bypass application controls and gain full control over the affected device without user interaction. No patch is currently available for this vulnerability, leaving deployed systems at significant risk.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-69269 CRITICAL Act Now

Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure.

Broadcom Linux Windows Command Injection Dx Netops Spectrum
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-15502 MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.8. is affected by command injection (CVSS 7.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-22688 Go CRITICAL POC PATCH Act Now

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.

Command Injection AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-22601 HIGH This Week

Arbitrary command execution in OpenProject versions 16.6.1 and below allows authenticated administrators to execute system commands by manipulating the sendmail binary path configuration and triggering a test email function. An admin-level attacker can leverage this to achieve full system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available, and exploitation requires high privileges but no user interaction.

Command Injection RCE Openproject
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-15501 CRITICAL POC Act Now

Sangfor O&M Management System (through 3.0.8) has a second command injection in /isomp-protocol/protocol/getCmd, also via sessionPath. Public exploit with higher EPSS (1.2%) than the first vulnerability.

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-15500 CRITICAL POC Act Now

Sangfor Operation and Maintenance Management System (through 3.0.8) has OS command injection in /isomp-protocol/protocol/getHis via the sessionPath parameter. Public exploit available, vendor unresponsive.

Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-15499 HIGH POC This Week

Operation And Maintenance Management System versions up to 3.0.8. is affected by command injection (CVSS 8.8).

Java Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-0830 HIGH This Week

Kiro IDE versions before 0.6.18 are vulnerable to command injection when processing maliciously named workspace folders in the GitLab Merge-Request helper, allowing local attackers with user interaction to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction to open a crafted workspace, but no patch is currently available and exploitation requires minimal complexity. Users should restrict workspace access and avoid opening untrusted workspace folders until an update is released.

Gitlab Command Injection
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-66715 MEDIUM This Month

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file. [CVSS 6.5 MEDIUM]

Command Injection RCE Odis
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70161 CRITICAL POC Act Now

EDIMAX BR-6208AC V2 router allows command injection through the pppUserName field via system() without sanitization. PoC available.

Command Injection Br 6208ac Firmware RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-69542 CRITICAL POC Act Now

D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.

D-Link Command Injection Dir 895la1 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-46645 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.5 MEDIUM]

Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46644 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.0 MEDIUM]

Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-66052 HIGH This Week

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. [CVSS 7.2 HIGH]

Command Injection Ip7137 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-64091 HIGH This Week

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. [CVSS 8.6 HIGH]

Command Injection Tcis 3 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-64090 CRITICAL Act Now

Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.

Command Injection RCE IoT Tcis 3 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-0732 LOW POC Monitor

Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-56425 CRITICAL POC Act Now

enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.

Command Injection Enaio
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-67089 HIGH POC This Week

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. [CVSS 8.1 HIGH]

Command Injection Gl Axt1800 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-22035 HIGH POC PATCH This Week

Arbitrary command execution in Greenshot 1.3.310 and earlier stems from insufficient input validation in filename processing, where unsanitized user-supplied filenames are passed directly to shell commands. An attacker can exploit this through a malicious filename containing shell metacharacters to achieve local code execution with user privileges. Public exploit code exists for this vulnerability; users should upgrade to version 1.3.311 or later.

Windows Command Injection Greenshot
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2019-25289 HIGH POC This Week

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2017-20216 CRITICAL POC Act Now

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. [CVSS 9.8 CRITICAL]

PHP Command Injection
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-20215 HIGH POC This Week

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-69262 npm HIGH POC PATCH This Week

{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primarily threatens CI/CD build environments where untrusted inputs may flow into env vars or .npmrc files, and publicly available exploit code exists, though it is not listed in CISA KEV and EPSS is very low at 0.08%.

RCE Command Injection Pnpm
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61492 PyPI CRITICAL POC Act Now

terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.

Command Injection Terminal Controller Mcp
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2025-61489 MEDIUM POC THREAT This Month

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. [CVSS 6.5 MEDIUM]

Command Injection Mcp Shell
NVD GitHub
CVSS 3.1
6.5
EPSS
11.1%
CVE-2025-6225 This Week

Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form.

Command Injection
NVD
EPSS
1.5%
CVE-2025-15472 HIGH POC This Week

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . [CVSS 7.2 HIGH]

Command Injection Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-15471 CRITICAL POC Act Now

TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.

Command Injection Tew 713re Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2026-0641 LOW POC Monitor

Command injection in TOTOLINK WA300 firmware (version 5.2cu.7112_B20190227 and earlier) allows authenticated remote attackers to execute arbitrary commands through a malformed UPLOAD_FILENAME parameter in the cstecgi.cgi function. Public exploit code exists for this vulnerability, and no patch is currently available.

Command Injection Wa300 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
3.1%
CVE-2020-36910 HIGH POC This Week

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-64424 HIGH POC This Week

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. [CVSS 8.8 HIGH]

Command Injection Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-67397 CRITICAL Act Now

Passy v1.6.3 password manager allows authenticated administrators to execute arbitrary OS commands via crafted HTTP requests. The scope change from application to OS makes this critical despite requiring high privileges.

Command Injection RCE Passy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-59157 CRITICAL POC Act Now

Coolify, a self-hosted server management platform, allows authenticated users to inject OS commands through the Git Repository field during project creation. A regular member can achieve root-level code execution on the Coolify host with scope change. PoC available.

Command Injection Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2025-5965 HIGH PATCH This Week

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. [CVSS 7.2 HIGH]

Command Injection Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-0581 LOW POC Monitor

Ac1206 Firmware versions up to 15.03.06.23 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.3%
CVE-2025-64124 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-64120 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-15391 LOW POC Monitor

Command injection in the SSDP Request Handler (ssdpcgi_main function) of D-Link DIR-806A firmware 100CNb11 allows remote authenticated attackers to execute arbitrary commands with low integrity and availability impact. Publicly available exploit code exists, but the vulnerability affects only end-of-life firmware with minimal real-world exploitation probability (EPSS 0.11%) due to low privilege requirements and limited scope of impact.

Command Injection D-Link Dir 806A Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15357 LOW POC Monitor

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Command Injection D-Link Di 7400G Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-69256 npm HIGH POC PATCH This Week

Command injection in Serverless Framework versions 4.29.0 through 4.29.2 allows remote code execution through the experimental MCP server feature (@serverless/mcp package). Attackers can inject arbitrary shell commands via unsanitized input parameters passed to child_process.exec, achieving RCE under server process privileges. Publicly available exploit code exists (GHSA-rwc2-f344-q6w6). Impact is limited to less than 0.1% of users utilizing the experimental serverless mcp feature. EPSS probability is low at 0.05% (16th percentile).

Command Injection RCE Serverless
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-15257 MEDIUM POC This Month

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Br 6208ac Firmware
NVD VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-15256 MEDIUM POC This Month

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Br 6208ac Firmware
NVD VulDB
CVSS 4.0
5.5
EPSS
0.5%
CVE-2025-15254 LOW POC Monitor

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Tenda Command Injection W6 S Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.9%
CVE-2025-15192 LOW POC Monitor

Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-15191 LOW POC Monitor

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-15139 LOW POC Monitor

A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Tew 822Dre Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2025-15133 LOW POC Monitor

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

Command Injection Z4Pro Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-15132 LOW POC Monitor

Command injection in ZSPACE Z4Pro+ 1.0.0440024 via the /v2/file/safe/open HTTP POST endpoint allows authenticated remote attackers to execute arbitrary commands with limited impact on confidentiality, integrity, and availability. The vulnerability affects the zfilev2_api_open function and has been publicly disclosed with exploit code available; however, the EPSS score of 0.38% (59th percentile) and CVSS scope constraint (SC:N) suggest limited real-world exploitation risk despite authenticated remote access capability.

Command Injection Z4Pro Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-15131 LOW POC Monitor

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

Command Injection Z4Pro Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-66738 HIGH POC This Week

Authenticated command injection in the Yealink SIP-T21P_E2 IP phone (firmware 52.84.0.15) lets a remote user with normal, non-administrative privileges execute arbitrary operating-system commands by sending a crafted request to the ping utility of the diagnostic component. Because the CVSS vector reports PR:L, exploitation requires only a low-privileged authenticated session, and publicly available exploit code exists, though the EPSS probability remains modest at 0.60% (44th percentile) and the flaw is not listed in CISA KEV. Successful exploitation yields full high-impact compromise of confidentiality, integrity, and availability on the device.

Command Injection RCE Sip T21 P E2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-15081 LOW Monitor

Command injection in JD Cloud BE6500 4.4.1.r4308 via the ddns_name parameter in the /jdcapi endpoint allows authenticated remote attackers to execute arbitrary commands with limited impact (low confidentiality, integrity, and availability). Public exploit code is available. The vendor has not responded to early disclosure notification, and no patch has been released.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-15048 MEDIUM POC This Month

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Tenda Command Injection Wh450 Firmware
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-66213 HIGH POC PATCH This Week

An authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit, though current exploitation probability remains relatively low at 0.20% according to EPSS data. Attackers can achieve full remote code execution with root privileges on the host system by exploiting unsanitized input in the file_storage_directory_source parameter.

Command Injection RCE Coolify
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-66212 HIGH POC PATCH This Week

An authenticated command injection vulnerability in Coolify's Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451, with a publicly available proof-of-concept exploit and moderate exploitation likelihood (EPSS 20%, percentile 41%). Attackers can achieve full remote code execution with root privileges by injecting shell commands through unescaped proxy configuration filenames.

Command Injection RCE Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-66211 HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE Privilege Escalation Docker +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66210 HIGH POC This Week

A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions.

Command Injection RCE Docker Linux Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66209 CRITICAL POC PATCH Act Now

A command injection vulnerability in Coolify's Database Backup functionality allows authenticated users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit. With a CVSS score of 9.9 and confirmed exploitation code available, this represents a critical risk for organizations using Coolify to manage their infrastructure.

Command Injection RCE Coolify
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-14648 LOW POC Monitor

Command injection in DedeBIZ up to version 6.5.9 allows authenticated high-privilege administrators to execute arbitrary system commands via the /src/admin/catalog_add.php endpoint. The vulnerability requires high-privilege authentication (PR:H in CVSS v4.0) and has publicly available exploit code, but real-world risk is constrained by the authentication requirement and limited scope of impact (CVSS 2.0, EPSS 0.28%).

PHP Command Injection Dedebiz
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2025-14586 LOW POC Monitor

OS command injection in TOTOLINK X5000R firmware 9.1.0cu.2089_B20211224 allows authenticated remote attackers to execute arbitrary system commands via the User parameter in the /cgi-bin/cstecgi.cgi exportOvpn function. The vulnerability requires valid login credentials but results in complete system compromise once authenticated. Public exploit code is available, and the CVSS score of 2.1 significantly underrepresents the true risk due to the low-impact scoring parameters masking the severity of unauthenticated command execution in a network-accessible management interface.

Command Injection X5000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.7%
CVE-2025-67508 Go HIGH PATCH This Week

A command injection vulnerability in gardenctl allows attackers with administrative privileges in a Gardener project to inject malicious commands through crafted credential values when non-POSIX shells (Fish, PowerShell) are used by service operators. The vulnerability affects gardenctl versions 2.11.0 and below, enabling attackers to break out of string contexts and execute arbitrary commands with potentially high impact on confidentiality, integrity, and availability. With an EPSS score of only 0.06% and no known exploitation in the wild or public POC, this represents a lower real-world risk despite the high CVSS score of 8.4.

Command Injection Privilege Escalation Gardenctl Suse
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-14485 LOW Monitor

Command injection in EFM ipTIME A3004T firmware version 14.19.0 allows authenticated remote attackers to execute arbitrary commands via malformed input to the aaksjdkfj parameter in the show_debug_screen function of /sess-bin/timepro.cgi. Public exploit code is available, but the vulnerability has a high attack complexity requirement and the vendor has not issued a patch despite early disclosure notification.

Command Injection
NVD VulDB
CVSS 4.0
1.3
EPSS
1.2%
CVE-2025-67511 PyPI CRITICAL POC PATCH Act Now

A critical command injection vulnerability exists in the Cybersecurity AI (CAI) framework versions 0.5.9 and below, allowing attackers to execute arbitrary commands through unsanitized SSH parameters (username, host, port) in the run_ssh_command_with_credentials() function accessible to AI agents. The vulnerability has a publicly available proof-of-concept exploit and enables remote code execution with potential for complete system compromise, though real-world exploitation probability remains relatively low at 0.12% EPSS score despite the high CVSS rating of 9.6.

Command Injection SSH AI / ML RCE Cybersecurity Ai
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-65882 CRITICAL POC PATCH Act Now

OS command injection in OpenMPTCProuter through version 0.64 lets attackers write arbitrary files or execute arbitrary commands via the create_xor_ipad_opad function in the sysupgrade helper (common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c). Publicly available exploit code exists (published as a GitHub gist), and a vendor fix is available as an upstream commit; the flaw is not listed in CISA KEV and carries a modest EPSS of 0.59% (44th percentile), indicating no confirmed active exploitation at time of analysis. The submitted CVSS of 9.8 assumes remote unauthenticated access, but because the vulnerable code path is a firmware-upgrade helper, real-world exploitation likely depends on access to the router's upgrade functionality — verify against your deployment.

Command Injection Openmptcprouter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-53679 HIGH This Week

Authenticated OS command injection in Fortinet FortiSandbox (versions 5.0.0-5.0.2, 4.4.0-4.4.7, all 4.2.x, all 4.0.x) and FortiSandbox Cloud (24.1 and all 23.x) allows a high-privileged remote attacker to execute arbitrary commands by sending crafted HTTP/HTTPS requests to the management interface. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but the breadth of affected major versions and the network-reachable attack surface make this a notable post-authentication risk for security appliance operators.

Command Injection Fortinet Fortisandbox Fortisandbox Cloud
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-11022 CRITICAL Act Now

Cross-site request forgery in Panilux versions before 0.10.0 can be chained to command injection, allowing remote attackers to execute arbitrary operating system commands when an authenticated user is tricked into visiting a malicious page. The CVSS 9.6 (AV:N/AC:L/PR:N/UI:R/S:C) reflects scope change and full CIA impact, though exploitation requires user interaction and the affected vendor has denied ownership of the product, complicating disclosure. EPSS is very low at 0.04% (11th percentile) and no public exploit is identified at time of analysis.

CSRF Command Injection
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service. [CVSS 7.8 HIGH]

Linux Industrial Denial Of Service +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arbitrary commands on their machine through unsanitized input. An attacker with local access could exploit this to compromise the affected system, though no patch is currently available.

Spring Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Webgrind 1.1 has unauthenticated command injection via the dataFile parameter in index.php. The profiling tool executes OS commands directly from URL parameters. PoC available.

PHP Command Injection Webgrind
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. [CVSS 8.8 HIGH]

Golang RCE Command Injection
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. [CVSS 6.5 MEDIUM]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. [CVSS 7.2 HIGH]

Command Injection Arubaos
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier via OS command injection allows attackers to execute arbitrary commands on affected systems when a victim opens a malicious file. The vulnerability requires local access and user interaction but impacts all confidentiality, integrity, and availability of the system. No patch is currently available.

Command Injection Dreamweaver
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available.

Fortinet Command Injection Fortisiem
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available.

Netgear Command Injection Xr1000v2 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw.

Netgear Command Injection Rbs860 Firmware +11
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions.

Netgear Command Injection Rbs850 Firmware +9
NVD
EPSS 1%
Monitor

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.

Command Injection
NVD
EPSS 0% CVSS 8.4
HIGH This Week

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters [CVSS 8.4 HIGH]

RCE Command Injection Multi Tenant Hypervisor +3
NVD
EPSS 0% CVSS 8.4
HIGH This Week

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters [CVSS 8.4 HIGH]

RCE Command Injection Ecs Connection Manager +4
NVD
EPSS 1% CVSS 8.4
HIGH This Week

SAP Application Server for ABAP and NetWeaver RFCSDK contain an OS command injection vulnerability that allows authenticated administrators with adjacent network access to execute arbitrary system commands by uploading malicious content. Successful exploitation results in complete system compromise affecting confidentiality, integrity, and availability. No patch is currently available.

SAP Command Injection
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available.

SAP Java Command Injection +1
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available.

SAP Command Injection
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise.

SAP Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

orval (TypeScript API client generator) before 7.18.0 has code injection via OpenAPI specification summary fields in MCP server generation. Malicious API specs can inject arbitrary code into generated TypeScript. PoC available, patch available.

Command Injection RCE Orval
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

TinyWeb HTTP Server before 1.98 has OS command injection via CGI ISINDEX query parameters. The query string is passed as command-line arguments to CGI executables through Windows CreateProcess(), allowing unauthenticated RCE. Patch available.

Windows Command Injection Tinyweb
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Merit LILIN IP Camera models contain an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands on affected devices with high privileges. The vulnerability requires valid credentials but no user interaction, enabling complete compromise of device confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Command Injection
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Merit LILIN DVR/NVR devices allow authenticated remote attackers to execute arbitrary operating system commands through command injection, enabling complete system compromise. An attacker with valid credentials can bypass application controls and gain full control over the affected device without user interaction. No patch is currently available for this vulnerability, leaving deployed systems at significant risk.

Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure.

Broadcom Linux Windows +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Operation And Maintenance Security Management System versions up to 3.0.8. is affected by command injection (CVSS 7.3).

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.

Command Injection AI / ML Weknora +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary command execution in OpenProject versions 16.6.1 and below allows authenticated administrators to execute system commands by manipulating the sendmail binary path configuration and triggering a test email function. An admin-level attacker can leverage this to achieve full system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available, and exploitation requires high privileges but no user interaction.

Command Injection RCE Openproject
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Sangfor O&M Management System (through 3.0.8) has a second command injection in /isomp-protocol/protocol/getCmd, also via sessionPath. Public exploit with higher EPSS (1.2%) than the first vulnerability.

Command Injection Operation And Maintenance Security Management System
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Sangfor Operation and Maintenance Management System (through 3.0.8) has OS command injection in /isomp-protocol/protocol/getHis via the sessionPath parameter. Public exploit available, vendor unresponsive.

Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Operation And Maintenance Management System versions up to 3.0.8. is affected by command injection (CVSS 8.8).

Java Command Injection Operation And Maintenance Management System
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Kiro IDE versions before 0.6.18 are vulnerable to command injection when processing maliciously named workspace folders in the GitLab Merge-Request helper, allowing local attackers with user interaction to execute arbitrary commands with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction to open a crafted workspace, but no patch is currently available and exploitation requires minimal complexity. Users should restrict workspace access and avoid opening untrusted workspace folders until an update is released.

Gitlab Command Injection
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file. [CVSS 6.5 MEDIUM]

Command Injection RCE Odis
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

EDIMAX BR-6208AC V2 router allows command injection through the pppUserName field via system() without sanitization. PoC available.

Command Injection Br 6208ac Firmware RCE
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-895L router has command injection in the DHCP daemon via the hostname parameter during lease renewal. Any device requesting a DHCP lease with a malicious hostname achieves root code execution on the router. PoC available.

D-Link Command Injection Dir 895la1 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.5 MEDIUM]

Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. [CVSS 6.0 MEDIUM]

Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. [CVSS 7.2 HIGH]

Command Injection Ip7137 Firmware
NVD
EPSS 0% CVSS 8.6
HIGH This Week

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. [CVSS 8.6 HIGH]

Command Injection Tcis 3 Firmware
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.

Command Injection RCE IoT +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DI-8200G firmware version 17.12.20A1 via the /upgrade_filter.asp path parameter allows authenticated remote attackers to execute arbitrary commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

D-Link Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.

Command Injection Enaio
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. [CVSS 8.1 HIGH]

Command Injection Gl Axt1800 Firmware
NVD
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Arbitrary command execution in Greenshot 1.3.310 and earlier stems from insufficient input validation in filename processing, where unsanitized user-supplied filenames are passed directly to shell commands. An attacker can exploit this through a malicious filename containing shell metacharacters to achieve local code execution with user privileges. Public exploit code exists for this vulnerability; users should upgrade to version 1.3.311 or later.

Windows Command Injection Greenshot
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. [CVSS 9.8 CRITICAL]

PHP Command Injection
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

{VAR} substitution inside .npmrc tokenHelper settings combined with spawnSync invoked with shell: true. The bug primarily threatens CI/CD build environments where untrusted inputs may flow into env vars or .npmrc files, and publicly available exploit code exists, though it is not listed in CISA KEV and EPSS is very low at 0.08%.

RCE Command Injection Pnpm
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

terminal-controller-mcp 0.1.7, an MCP (Model Context Protocol) server for terminal control, has command injection in execute_command that allows arbitrary command execution. Maximum CVSS 10.0 with scope change – compromising the MCP server grants control over all connected AI agents.

Command Injection Terminal Controller Mcp
NVD GitHub
EPSS 11% CVSS 6.5
MEDIUM POC THREAT This Month

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. [CVSS 6.5 MEDIUM]

Command Injection Mcp Shell
NVD GitHub
EPSS 1%
This Week

Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . [CVSS 7.2 HIGH]

Command Injection Tew 811dru Firmware
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.

Command Injection Tew 713re Firmware
NVD VulDB
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in TOTOLINK WA300 firmware (version 5.2cu.7112_B20190227 and earlier) allows authenticated remote attackers to execute arbitrary commands through a malformed UPLOAD_FILENAME parameter in the cstecgi.cgi function. Public exploit code exists for this vulnerability, and no patch is currently available.

Command Injection Wa300 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root. [CVSS 8.8 HIGH]

Command Injection
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. [CVSS 8.8 HIGH]

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Passy v1.6.3 password manager allows authenticated administrators to execute arbitrary OS commands via crafted HTTP requests. The scope change from application to OS makes this critical despite requiring high privileges.

Command Injection RCE Passy
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC Act Now

Coolify, a self-hosted server management platform, allows authenticated users to inject OS commands through the Git Repository field during project creation. A regular member can achieve root-level code execution on the Coolify host with scope change. PoC available.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. [CVSS 7.2 HIGH]

Command Injection Centreon Web
NVD GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Ac1206 Firmware versions up to 15.03.06.23 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in the SSDP Request Handler (ssdpcgi_main function) of D-Link DIR-806A firmware 100CNb11 allows remote authenticated attackers to execute arbitrary commands with low integrity and availability impact. Publicly available exploit code exists, but the vulnerability affects only end-of-life firmware with minimal real-world exploitation probability (EPSS 0.11%) due to low privilege requirements and limited scope of impact.

Command Injection D-Link Dir 806A Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Command Injection D-Link Di 7400G Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Command injection in Serverless Framework versions 4.29.0 through 4.29.2 allows remote code execution through the experimental MCP server feature (@serverless/mcp package). Attackers can inject arbitrary shell commands via unsanitized input parameters passed to child_process.exec, achieving RCE under server process privileges. Publicly available exploit code exists (GHSA-rwc2-f344-q6w6). Impact is limited to less than 0.1% of users utilizing the experimental serverless mcp feature. EPSS probability is low at 0.05% (16th percentile).

Command Injection RCE Serverless
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Br 6208ac Firmware
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection Br 6208ac Firmware
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Tenda Command Injection W6 S Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection Tew 822Dre Firmware
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

Command Injection Z4Pro Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in ZSPACE Z4Pro+ 1.0.0440024 via the /v2/file/safe/open HTTP POST endpoint allows authenticated remote attackers to execute arbitrary commands with limited impact on confidentiality, integrity, and availability. The vulnerability affects the zfilev2_api_open function and has been publicly disclosed with exploit code available; however, the EPSS score of 0.38% (59th percentile) and CVSS scope constraint (SC:N) suggest limited real-world exploitation risk despite authenticated remote access capability.

Command Injection Z4Pro Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

Command Injection Z4Pro Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Authenticated command injection in the Yealink SIP-T21P_E2 IP phone (firmware 52.84.0.15) lets a remote user with normal, non-administrative privileges execute arbitrary operating-system commands by sending a crafted request to the ping utility of the diagnostic component. Because the CVSS vector reports PR:L, exploitation requires only a low-privileged authenticated session, and publicly available exploit code exists, though the EPSS probability remains modest at 0.60% (44th percentile) and the flaw is not listed in CISA KEV. Successful exploitation yields full high-impact compromise of confidentiality, integrity, and availability on the device.

Command Injection RCE Sip T21 P E2 Firmware
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Command injection in JD Cloud BE6500 4.4.1.r4308 via the ddns_name parameter in the /jdcapi endpoint allows authenticated remote attackers to execute arbitrary commands with limited impact (low confidentiality, integrity, and availability). Public exploit code is available. The vendor has not responded to early disclosure notification, and no patch has been released.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Tenda Command Injection Wh450 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

An authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit, though current exploitation probability remains relatively low at 0.20% according to EPSS data. Attackers can achieve full remote code execution with root privileges on the host system by exploiting unsanitized input in the file_storage_directory_source parameter.

Command Injection RCE Coolify
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

An authenticated command injection vulnerability in Coolify's Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451, with a publicly available proof-of-concept exploit and moderate exploitation likelihood (EPSS 20%, percentile 41%). Attackers can achieve full remote code execution with root privileges by injecting shell commands through unescaped proxy configuration filenames.

Command Injection RCE Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions.

Command Injection RCE Docker +2
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

A command injection vulnerability in Coolify's Database Backup functionality allows authenticated users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit. With a CVSS score of 9.9 and confirmed exploitation code available, this represents a critical risk for organizations using Coolify to manage their infrastructure.

Command Injection RCE Coolify
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in DedeBIZ up to version 6.5.9 allows authenticated high-privilege administrators to execute arbitrary system commands via the /src/admin/catalog_add.php endpoint. The vulnerability requires high-privilege authentication (PR:H in CVSS v4.0) and has publicly available exploit code, but real-world risk is constrained by the authentication requirement and limited scope of impact (CVSS 2.0, EPSS 0.28%).

PHP Command Injection Dedebiz
NVD GitHub VulDB
EPSS 2% CVSS 2.1
LOW POC Monitor

OS command injection in TOTOLINK X5000R firmware 9.1.0cu.2089_B20211224 allows authenticated remote attackers to execute arbitrary system commands via the User parameter in the /cgi-bin/cstecgi.cgi exportOvpn function. The vulnerability requires valid login credentials but results in complete system compromise once authenticated. Public exploit code is available, and the CVSS score of 2.1 significantly underrepresents the true risk due to the low-impact scoring parameters masking the severity of unauthenticated command execution in a network-accessible management interface.

Command Injection X5000r Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

A command injection vulnerability in gardenctl allows attackers with administrative privileges in a Gardener project to inject malicious commands through crafted credential values when non-POSIX shells (Fish, PowerShell) are used by service operators. The vulnerability affects gardenctl versions 2.11.0 and below, enabling attackers to break out of string contexts and execute arbitrary commands with potentially high impact on confidentiality, integrity, and availability. With an EPSS score of only 0.06% and no known exploitation in the wild or public POC, this represents a lower real-world risk despite the high CVSS score of 8.4.

Command Injection Privilege Escalation Gardenctl +1
NVD GitHub VulDB
EPSS 1% CVSS 1.3
LOW Monitor

Command injection in EFM ipTIME A3004T firmware version 14.19.0 allows authenticated remote attackers to execute arbitrary commands via malformed input to the aaksjdkfj parameter in the show_debug_screen function of /sess-bin/timepro.cgi. Public exploit code is available, but the vulnerability has a high attack complexity requirement and the vendor has not issued a patch despite early disclosure notification.

Command Injection
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL POC PATCH Act Now

A critical command injection vulnerability exists in the Cybersecurity AI (CAI) framework versions 0.5.9 and below, allowing attackers to execute arbitrary commands through unsanitized SSH parameters (username, host, port) in the run_ssh_command_with_credentials() function accessible to AI agents. The vulnerability has a publicly available proof-of-concept exploit and enables remote code execution with potential for complete system compromise, though real-world exploitation probability remains relatively low at 0.12% EPSS score despite the high CVSS rating of 9.6.

Command Injection SSH AI / ML +2
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

OS command injection in OpenMPTCProuter through version 0.64 lets attackers write arbitrary files or execute arbitrary commands via the create_xor_ipad_opad function in the sysupgrade helper (common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c). Publicly available exploit code exists (published as a GitHub gist), and a vendor fix is available as an upstream commit; the flaw is not listed in CISA KEV and carries a modest EPSS of 0.59% (44th percentile), indicating no confirmed active exploitation at time of analysis. The submitted CVSS of 9.8 assumes remote unauthenticated access, but because the vulnerable code path is a firmware-upgrade helper, real-world exploitation likely depends on access to the router's upgrade functionality — verify against your deployment.

Command Injection Openmptcprouter
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated OS command injection in Fortinet FortiSandbox (versions 5.0.0-5.0.2, 4.4.0-4.4.7, all 4.2.x, all 4.0.x) and FortiSandbox Cloud (24.1 and all 23.x) allows a high-privileged remote attacker to execute arbitrary commands by sending crafted HTTP/HTTPS requests to the management interface. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but the breadth of affected major versions and the network-reachable attack surface make this a notable post-authentication risk for security appliance operators.

Command Injection Fortinet Fortisandbox +1
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-site request forgery in Panilux versions before 0.10.0 can be chained to command injection, allowing remote attackers to execute arbitrary operating system commands when an authenticated user is tricked into visiting a malicious page. The CVSS 9.6 (AV:N/AC:L/PR:N/UI:R/S:C) reflects scope change and full CIA impact, though exploitation requires user interaction and the affected vendor has denied ownership of the product, complicating disclosure. EPSS is very low at 0.04% (11th percentile) and no public exploit is identified at time of analysis.

CSRF Command Injection
NVD VulDB
Prev Page 18 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy