Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2025-50722 CRITICAL POC Act Now

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Sparkshop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-29523 HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-44179 MEDIUM This Month

Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-29522 MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-29519 MEDIUM POC This Month

A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-29517 MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-29516 HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-9387 LOW POC Monitor

A vulnerability was found in DCN DCME-720 9.1.5.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-57771 HIGH This Month

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-57105 CRITICAL POC Act Now

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 7400G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-55637 CRITICAL POC Act Now

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart 2K Plug In Wi Fi Video Doorbell With Chime Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-41451 HIGH This Month

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-3128 CRITICAL This Week

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-48978 HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-24285 CRITICAL This Week

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-9262 npm LOW POC Monitor

A flaw has been found in wong2 mcp-cli 1.13.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.2%
CVE-2025-9244 LOW POC Monitor

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-6183 HIGH This Week

The StrongDM macOS client incorrectly processed JSON-formatted messages. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple macOS
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-6181 HIGH This Week

The StrongDM Windows service incorrectly handled input validation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-57733 MEDIUM This Month

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-9176 LOW Monitor

A security flaw has been discovered in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-9174 LOW Monitor

A vulnerability was determined in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-52337 MEDIUM This Month

An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9149 LOW POC Monitor

A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-55294 npm CRITICAL PATCH This Week

screenshot-desktop allows capturing a screenshot of your local machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-50461 MEDIUM This Month

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Deserialization RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55591 CRITICAL POC Act Now

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
6.9%
CVE-2025-55590 MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2025-55589 MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2025-55283 CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection PostgreSQL Privilege Escalation Aiven Db Migrate
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-31715 CRITICAL This Week

In vowifi service, there is a possible command injection due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-31713 HIGH This Month

In engineer mode service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-9090 LOW POC Monitor

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB Exploit-DB
CVSS 4.0
2.1
EPSS
2.0%
CVE-2025-55284 npm HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Claude Code
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-9026 MEDIUM POC This Month

A vulnerability was identified in D-Link DIR-860L 2.04.B04. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-50817 MEDIUM PATCH This Month

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection RCE Red Hat Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-50515 MEDIUM This Month

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20306 MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Secure Firewall Management Center
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-20220 MEDIUM This Month

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-8876 CRITICAL KEV THREAT Emergency

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerability to CVE-2025-8875.

Command Injection N Central
NVD
CVSS 4.0
9.4
EPSS
7.8%
CVE-2025-43984 CRITICAL This Week

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-53946 HIGH This Month

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-53945 HIGH This Month

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-8956 LOW POC Monitor

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8937 LOW Monitor

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.6%
CVE-2012-10059 CRITICAL POC THREAT Emergency

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
43.6%
Threat
4.7
CVE-2025-43989 MEDIUM This Month

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50946 Go MEDIUM POC PATCH This Month

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Olivetin Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2025-45317 MEDIUM POC This Week

A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Hortusfox
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23294 HIGH This Week

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE Denial Of Service Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54382 CRITICAL POC Act Now

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Cherry Studio
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2025-54074 HIGH POC PATCH This Month

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cherry Studio
NVD GitHub
CVSS 4.0
7.7
EPSS
1.4%
CVE-2025-49813 HIGH This Month

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiadc
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-47857 MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet RCE Fortiweb
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-27759 MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-25256 CRITICAL POC THREAT CERT-EU Emergency

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.9% and no vendor patch available.

Command Injection Fortinet Fortisiem
NVD GitHub
CVSS 3.1
9.8
EPSS
44.9%
Threat
4.8
CVE-2025-53773 HIGH POC This Month

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2012-10040 CRITICAL POC THREAT Emergency

Openfiler v2.x contains a command injection vulnerability in the system.html page. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.2%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
52.2%
Threat
4.9
CVE-2012-10039 CRITICAL POC THREAT Emergency

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
43.6%
Threat
4.7
CVE-2012-10037 CRITICAL POC THREAT Emergency

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
62.6%
Threat
5.2
CVE-2025-8830 LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8829 LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8828 LOW POC Monitor

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8827 LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8825 LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8823 LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8821 LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8818 LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8752 MEDIUM POC This Month

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2012-10048 HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
50.2%
Threat
4.7
CVE-2012-10046 CRITICAL POC THREAT Emergency

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.9%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
52.9%
Threat
4.9
CVE-2012-10041 CRITICAL POC THREAT Emergency

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
53.6%
Threat
5.0
CVE-2025-8748 HIGH This Month

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-54958 MEDIUM This Month

Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-58257 MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-58256 MEDIUM Monitor

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2024-58255 MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-53787 HIGH This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure 365 Copilot Chat
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-53774 MEDIUM This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure 365 Copilot Chat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8697 LOW POC Monitor

A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-54393 MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Directory Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-34152 CRITICAL POC THREAT Emergency

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
13.7%
CVE-2025-34151 CRITICAL This Week

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
2.3%
CVE-2025-34150 CRITICAL This Week

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-34149 CRITICAL This Week

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-34148 CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-47188 MEDIUM POC This Month

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2025-7769 HIGH POC This Week

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
3.6%
CVE-2025-8667 LOW POC Monitor

A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-8665 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5.py of the component Model Context Protocol Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection RCE
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in DCN DCME-720 9.1.5.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Month

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 7400G Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart 2K Plug In Wi Fi Video Doorbell With Chime Firmware
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
EPSS 0% CVSS 2.9
LOW POC Monitor

A flaw has been found in wong2 mcp-cli 1.13.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH This Week

The StrongDM macOS client incorrectly processed JSON-formatted messages. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple macOS
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The StrongDM Windows service incorrectly handled input validation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
EPSS 0% CVSS 1.9
LOW Monitor

A security flaw has been discovered in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was determined in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload RCE
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH This Week

screenshot-desktop allows capturing a screenshot of your local machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Deserialization RCE
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection PostgreSQL Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL This Week

In vowifi service, there is a possible command injection due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In engineer mode service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
EPSS 2% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Claude Code
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in D-Link DIR-860L 2.04.B04. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection RCE +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
EPSS 8% CVSS 9.4
CRITICAL KEV THREAT Emergency

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerability to CVE-2025-8875.

Command Injection N Central
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection CSRF
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW Monitor

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 44% 4.7 CVSS 9.4
CRITICAL POC THREAT Emergency

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Olivetin Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE +2
NVD
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Cherry Studio
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC PATCH This Month

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cherry Studio
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiadc
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
EPSS 45% 4.8 CVSS 9.8
CRITICAL POC THREAT Emergency

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.9% and no vendor patch available.

Command Injection Fortinet Fortisiem
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Month

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Visual Studio 2022
NVD
EPSS 52% 4.9 CVSS 9.4
CRITICAL POC THREAT Emergency

Openfiler v2.x contains a command injection vulnerability in the system.html page. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.2%.

Command Injection
NVD Exploit-DB
EPSS 44% 4.7 CVSS 9.4
CRITICAL POC THREAT Emergency

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection RCE
NVD Exploit-DB
EPSS 63% 5.2 CVSS 9.3
CRITICAL POC THREAT Emergency

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java
NVD VulDB
EPSS 50% 4.7 CVSS 8.7
HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
EPSS 53% 4.9 CVSS 9.3
CRITICAL POC THREAT Emergency

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.9%.

Command Injection
NVD Exploit-DB
EPSS 54% 5.0 CVSS 9.3
CRITICAL POC THREAT Emergency

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Month

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
EPSS 0% CVSS 4.5
MEDIUM Monitor

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Directory Manager
NVD
EPSS 14% CVSS 9.4
CRITICAL POC THREAT Emergency

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 9.4
CRITICAL This Week

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 4% CVSS 8.7
HIGH POC This Week

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE +1
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5.py of the component Model Context Protocol Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
Prev Page 23 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy