Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2025-11138 LOW POC Monitor

A vulnerability was found in mirweiye wenkucms up to 3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-11121 LOW POC Monitor

A security vulnerability has been detected in Tenda AC18 15.03.05.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-11100 LOW POC Monitor

A vulnerability was identified in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11099 LOW POC Monitor

A vulnerability was determined in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11098 LOW POC Monitor

A vulnerability was found in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11097 LOW POC Monitor

A vulnerability has been found in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11096 LOW POC Monitor

A flaw has been found in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11095 LOW POC Monitor

A vulnerability was detected in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11092 LOW POC Monitor

A weakness has been identified in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11073 LOW POC Monitor

A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-11045 MEDIUM This Month

A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
0.5%
CVE-2025-59844 HIGH This Month

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Windows
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-55848 HIGH POC This Week

An issue was discovered in DIR-823 firmware 20250416. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 823x Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-35027 HIGH POC This Month

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection G1 Firmware Go2 Firmware H1 Firmware B2 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-60017 HIGH This Month

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta). Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-56769 Maven MEDIUM POC PATCH This Month

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Hutool
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11005 CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1458_B20250708. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
9.3
EPSS
1.2%
CVE-2025-59817 HIGH This Month

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-59815 HIGH This Month

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-10964 LOW POC Monitor

A weakness has been identified in Wavlink NU516U1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-29157 MEDIUM POC This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-10963 LOW POC Monitor

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10962 LOW POC Monitor

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-29155 MEDIUM This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-10961 MEDIUM POC This Month

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-10960 LOW POC Monitor

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10959 LOW POC Monitor

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-10958 LOW POC Monitor

A flaw has been found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-34227 HIGH POC This Week

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PostgreSQL Nagios Xi
NVD
CVSS 4.0
8.6
EPSS
2.2%
CVE-2025-43943 MEDIUM This Month

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloud Disaster Recovery
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-27262 HIGH This Month

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ericsson Indoor Connect 8855 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-59834 npm CRITICAL POC PATCH Act Now

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Google Adb Mcp Server Android
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-59831 npm HIGH POC PATCH This Week

git-commiters is a Node.js function module providing committers stats for their git repository. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Node.js Git Commiters
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-52907 HIGH This Week

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.4.0cu.1360_B20241207. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-52906 CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1360_B20241207. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-20334 HIGH This Month

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Apple
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-56819 CRITICAL POC Act Now

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Datart
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2025-57636 MEDIUM POC This Week

OS Command injection vulnerability in D-Link C1 2020-02-21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Di 7100G Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2025-59534 HIGH POC PATCH This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Cryptolib
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-45326 MEDIUM POC PATCH This Week

An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Pocketvj Control Panel Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-57639 MEDIUM POC This Month

OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
4.2%
CVE-2025-29083 MEDIUM POC This Month

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE SQLi Csz Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9846 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload
NVD VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-9588 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-9494 HIGH This Month

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-10814 LOW POC Monitor

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-57685 HIGH This Week

The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-43953 HIGH This Month

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10775 LOW POC Monitor

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-10774 LOW Monitor

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-10767 LOW Monitor

A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. Rated low severity (CVSS 2.0). No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
1.1
EPSS
0.2%
CVE-2025-59689 MEDIUM KEV THREAT Act Now

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Command Injection Email Security Gateway
NVD
CVSS 3.1
6.1
EPSS
6.9%
CVE-2025-10568 MEDIUM This Month

HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP RCE Ngenuity
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-48703 CRITICAL POC KEV THREAT Emergency

CentOS Web Panel (CWP) allows unauthenticated remote code execution through OS command injection in the filemanager changePerm request's t_total parameter.

Command Injection RCE Webpanel
NVD
CVSS 3.1
9.0
EPSS
59.1%
Threat
6.6
CVE-2025-57296 MEDIUM POC This Month

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-10035 CRITICAL POC KEV THREAT Emergency

Fortra GoAnywhere MFT contains a deserialization vulnerability in the License Servlet allowing command injection through crafted license response signatures.

Command Injection Deserialization Goanywhere Managed File Transfer
NVD
CVSS 3.1
10.0
EPSS
58.8%
Threat
6.8
CVE-2025-57293 HIGH POC This Week

A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10689 LOW POC Monitor

A vulnerability was identified in D-Link DIR-645 105B01.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-36143 MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-55911 MEDIUM POC This Month

An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Clipbucket
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-49565 HIGH This Week

The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Python Command Injection RCE
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-10634 LOW POC Monitor

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10629 LOW POC Monitor

A vulnerability was determined in D-Link DIR-852 1.00CN B09. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10628 LOW POC Monitor

A vulnerability was found in D-Link DIR-852 1.00CN B09. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-23316 CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Nvidia RCE Microsoft +4
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-10619 npm LOW PATCH Monitor

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.5%
CVE-2025-59458 HIGH This Week

In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection RCE Junie
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-9972 CRITICAL This Week

Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-59518 HIGH This Week

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Red Hat
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-58116 HIGH This Month

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-10589 HIGH This Month

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-37129 MEDIUM This Month

A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-37126 HIGH This Month

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-34187 CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Privilege Escalation Eve X1 Server Firmware
NVD
CVSS 4.0
9.3
EPSS
0.8%
CVE-2025-34186 CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
9.3
EPSS
1.7%
CVE-2025-34184 CRITICAL POC Act Now

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection PHP Eve X1 Server Firmware
NVD
CVSS 4.0
9.3
EPSS
1.8%
CVE-2025-56706 HIGH POC This Week

Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Br 6473Ax Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-55211 MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Freepbx
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-52053 CRITICAL POC THREAT Emergency

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
66.1%
CVE-2025-59377 PyPI LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-59376 PyPI LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod". Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-59361 Go CRITICAL POC PATCH Act Now

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-59360 Go CRITICAL POC PATCH Act Now

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-59359 Go CRITICAL POC PATCH Act Now

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-10442 LOW POC Monitor

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-10441 LOW POC Monitor

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-10440 LOW Monitor

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-10401 LOW POC Monitor

A vulnerability was detected in D-Link DIR-823x up to 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-10359 MEDIUM POC This Month

A vulnerability was detected in Wavlink WL-WN578W2 221110. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-10358 MEDIUM POC This Month

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in mirweiye wenkucms up to 3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability has been detected in Tenda AC18 15.03.05.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A flaw has been found in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was detected in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in D-Link DIR-823X 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 5.5
MEDIUM This Month

A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Month

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Windows
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue was discovered in DIR-823 firmware 20250416. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 823x Firmware
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC This Month

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection G1 Firmware Go2 Firmware +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Month

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta). Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Hutool
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1458_B20250708. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 8.4
HIGH This Month

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in Wavlink NU516U1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Swagger Petstore
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A flaw has been found in Wavlink NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 8.6
HIGH POC This Week

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PostgreSQL Nagios Xi
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Cloud Disaster Recovery
NVD
EPSS 0% CVSS 8.5
HIGH This Month

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ericsson Indoor Connect 8855 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Google Adb Mcp Server +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

git-commiters is a Node.js function module providing committers stats for their git repository. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Node.js Git Commiters
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.4.0cu.1360_B20241207. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.4.0cu.1360_B20241207. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Apple
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Datart
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Week

OS Command injection vulnerability in D-Link C1 2020-02-21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Di 7100G Firmware
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Cryptolib
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM POC This Month

OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac9 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +2
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Month

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 0% CVSS 1.1
LOW Monitor

A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. Rated low severity (CVSS 2.0). No vendor patch available.

Command Injection
NVD VulDB
EPSS 7% CVSS 6.1
MEDIUM KEV THREAT Act Now

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Command Injection Email Security Gateway
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP RCE +1
NVD
EPSS 59% 6.6 CVSS 9.0
CRITICAL POC KEV THREAT Emergency

CentOS Web Panel (CWP) allows unauthenticated remote code execution through OS command injection in the filemanager changePerm request's t_total parameter.

Command Injection RCE Webpanel
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac6 Firmware
NVD GitHub
EPSS 59% 6.8 CVSS 10.0
CRITICAL POC KEV THREAT Emergency

Fortra GoAnywhere MFT contains a deserialization vulnerability in the License Servlet allowing command injection through crafted license response signatures.

Command Injection Deserialization Goanywhere Managed File Transfer
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in D-Link DIR-645 105B01.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM Monitor

IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Watsonx Data
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Clipbucket
NVD Exploit-DB
EPSS 0% CVSS 8.4
HIGH This Week

The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Python Command Injection RCE
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in D-Link DIR-852 1.00CN B09. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DIR-852 1.00CN B09. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL This Week

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Nvidia +6
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH This Week

In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection RCE Junie
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 8.0
HIGH This Week

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Red Hat
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 8.7
HIGH This Month

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.2
HIGH This Month

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Privilege Escalation Eve X1 Server Firmware
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD VulDB
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection PHP +1
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Br 6473Ax Firmware
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

FreePBX is an open-source web-based graphical user interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Freepbx
NVD GitHub
EPSS 66% CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Command Injection X6000r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 3.7
LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
EPSS 0% CVSS 3.7
LOW Monitor

feiskyer mcp-kubernetes-server through 0.1.11 does not consider chained commands in the implementation of --disable-write and --disable-delete, e.g., it allows a "kubectl version; kubectl delete pod". Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Kubernetes Mcp Kubernetes Server
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Chaos Mesh +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Chaos Mesh +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was detected in D-Link DIR-823x up to 250416. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in Wavlink WL-WN578W2 221110. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
Prev Page 21 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy