Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2025-22469 MEDIUM This Month

OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-8655 MEDIUM This Month

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8654 HIGH This Month

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-8652 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8651 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8650 MEDIUM This Month

Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8649 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8648 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8647 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8646 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8645 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8644 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8643 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8642 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8641 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8640 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8639 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8638 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8637 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8636 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8635 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8634 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8633 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8632 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8631 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8630 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8629 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8628 MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2013-10069 CRITICAL POC THREAT Emergency

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Command Injection PHP D-Link Dir 600 Firmware Dir 300 Firmware
NVD Exploit-DB
CVSS 4.0
10.0
EPSS
71.7%
Threat
5.7
CVE-2012-10033 CRITICAL POC THREAT Emergency

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.7%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
60.7%
Threat
5.2
CVE-2012-10029 HIGH POC THREAT Act Now

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection PHP RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
46.6%
Threat
4.6
CVE-2012-10028 HIGH POC THREAT Act Now

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.7%.

Command Injection RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
53.7%
Threat
4.8
CVE-2025-45512 MEDIUM POC PATCH This Week

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE U Boot Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50688 MEDIUM POC This Week

A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload RCE Twistedweb
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-43978 HIGH This Month

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-43979 HIGH This Month

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-2611 CRITICAL POC THREAT Emergency

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 74.3% and no vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
74.3%
Threat
5.6
CVE-2025-54987 CRITICAL PATCH This Week

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Apex One
NVD
CVSS 3.1
9.4
EPSS
0.8%
CVE-2025-54948 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise.

Command Injection Apex One
NVD
CVSS 3.1
9.4
EPSS
4.5%
CVE-2025-54795 npm HIGH POC PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Claude Code
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-54135 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-27212 CRITICAL This Week

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27211 HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-51390 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-34147 CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-44961 CRITICAL This Week

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-44960 HIGH This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-30099 HIGH This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30098 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30097 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30096 MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-36607 HIGH This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36606 HIGH This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36604 HIGH POC THREAT Act Now

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available.

Dell Command Injection Unity Operating Environment
NVD GitHub
CVSS 3.1
7.3
EPSS
14.3%
CVE-2025-54782 npm CRITICAL POC PATCH THREAT Act Now

Nest is a framework for building scalable Node.js server-side applications. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Command Injection RCE Node.js Devtools Integration
NVD GitHub
CVSS 4.0
9.4
EPSS
22.1%
Threat
4.0
CVE-2025-54136 HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Cursor
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-54133 MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Information Disclosure Cursor
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-54424 Go HIGH POC PATCH This Week

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Command Injection RCE 1panel Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-54131 MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2013-10061 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear Command Injection Dgn1000B Firmware
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
73.1%
Threat
5.4
CVE-2013-10060 CRITICAL POC THREAT Emergency

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.0%.

Netgear Command Injection Dgn2200B Firmware
NVD Exploit-DB
CVSS 4.0
9.4
EPSS
61.0%
Threat
5.2
CVE-2013-10059 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Command Injection D-Link Dir 615H Firmware
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
50.8%
Threat
4.7
CVE-2013-10058 HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection Linksys RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
46.6%
Threat
4.6
CVE-2013-10053 HIGH POC THREAT Act Now

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
59.6%
Threat
5.0
CVE-2013-10050 HIGH POC THREAT Act Now

An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

Command Injection D-Link
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
61.9%
Threat
5.1
CVE-2013-10049 CRITICAL POC THREAT Emergency

An OS command injection vulnerability exists in multiple Raidsonic NAS devices-specifically tested on IB-NAS5220 and IB-NAS4220-via the unauthenticated timeHandler.cgi endpoint exposed through the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.4%.

Command Injection
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
51.4%
Threat
4.9
CVE-2013-10048 CRITICAL POC THREAT Emergency

An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)-due to improper input handling in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%.

Command Injection PHP D-Link Dir 300 Firmware Dir 600 Firmware
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
59.8%
Threat
5.2
CVE-2025-8480 HIGH This Month

Alpine iLX-507 Command Injection Remote Code Execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Path Traversal Ilx 507 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2025-8473 MEDIUM This Month

Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ilx 507 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-54595 HIGH This Month

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-45619 MEDIUM POC This Month

Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.

Command Injection RCE Ptc310Uv2 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2025-25692 MEDIUM POC This Month

Unauthenticated remote code execution in PrestaShop 8.2.0 is achievable via PHAR deserialization in the _getHeaders function, triggered through a crafted POST request. The publicly available proof-of-concept lowers the bar for exploitation against unpatched storefronts. No active KEV listing exists, but the network-accessible attack surface of e-commerce deployments and the confirmed exploit code make this a meaningful priority for PrestaShop 8.2.0 operators despite a low EPSS score of 0.77%.

Command Injection Deserialization RCE Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-25691 MEDIUM POC This Month

Remote code execution in PrestaShop 8.2.0 is achievable through a PHAR deserialization flaw in the theme import endpoint (/themes/import), where a crafted POST request containing a malicious PHP Archive triggers arbitrary code execution on the server. A publicly available proof-of-concept exploit exists on GitHub, lowering the technical barrier for skilled attackers. No active exploitation has been confirmed in CISA KEV, but the combination of a public POC and a targeted admin-facing endpoint warrants prompt remediation for any deployment on this version.

Command Injection Deserialization RCE Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-29534 HIGH This Week

Authenticated OS command injection in the PowerStick Wave Dual-Band Wifi Extender V1.0 lets a user with valid credentials run arbitrary commands as root via the /cgi-bin/cgi_vista.cgi endpoint. Because the device firmware runs its web management logic with root privileges, successful exploitation yields complete takeover of the extender. The single NVD reference is a public researcher gist that very likely contains proof-of-concept detail, though the flaw is not listed in CISA KEV and EPSS risk is modest (0.66%, 47th percentile).

Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-8259 MEDIUM POC This Month

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 5.1.1 and 5.4.1 can resolve this issue. It is suggested to upgrade the affected component.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.9%
CVE-2025-5243 CRITICAL Act Now

Unauthenticated remote code execution in SMG Software Information Portal versions prior to 13.06.2025 allows attackers to upload web shells and inject OS commands, achieving full server compromise with a maximum CVSS score of 10.0. The vulnerability was reported by Turkey's national CERT (USOM) and no public exploit identified at time of analysis, though the trivial attack complexity and network-accessible nature make it a critical priority for any organization running the affected product.

File Upload Command Injection
NVD VulDB
CVSS 3.1
10.0
EPSS
2.2%
CVE-2025-7952 LOW POC Monitor

Command injection in TOTOLINK T6 firmware 4.1.5cu.748 allows authenticated remote attackers to execute arbitrary commands via the ckeckKeepAlive function in the MQTT Packet Handler component (wireless.so). The vulnerability requires valid user credentials and network access but results only in low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the CVSS 2.1 score and EPSS 3.01% indicate low practical exploitation probability despite public disclosure.

Command Injection T6 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
3.0%
CVE-2025-7932 LOW POC Monitor

Command injection in D-Link DIR-817L router firmware up to version 1.04B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in ssdpcgi, with publicly available exploit code disclosed and EPSS risk at 0.36% suggesting limited real-world exploitation despite network accessibility.

Command Injection D-Link Dir 817L Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-7883 HIGH This Week

Command injection in Eluktronics Control Center 5.23.51.41 allows local authenticated users to execute arbitrary PowerShell commands with elevated privileges through the AiStoneService component. The vulnerability has public exploit code available (CVSS E:P) and affects a PC hardware control software, enabling local privilege escalation. Vendor was notified but did not respond, leaving the vulnerability unpatched. EPSS data not available, but the local-only attack vector (AV:L) and authentication requirement (PR:L) limit widespread exploitation risk despite the critical CVSS 7.1 score.

Command Injection Control Center
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-7836 LOW POC Monitor

Command injection in D-Link DIR-816L firmware up to version 2.06B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in the Environment Variable Handler component. The vulnerability affects end-of-life hardware no longer receiving vendor support, with public exploit code available and low real-world exploitation probability despite network accessibility, limited only by requirement for valid authentication credentials.

Command Injection D-Link Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.4%
CVE-2025-7788 LOW POC Monitor

OS command injection in Xuxueli xxl-job up to version 3.1.1 allows authenticated remote attackers to execute arbitrary operating system commands via the commandJobHandler function in SampleXxlJob.java. The vulnerability has a publicly available exploit and is rated critical by the discoverer, though the CVSS 4.0 score of 2.1 reflects limited scope (authenticated access required, low confidentiality/integrity/availability impact). With EPSS at 0.71% (72nd percentile), real-world exploitation probability is low despite public POC availability.

Command Injection Xxl Job
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2025-53818 npm This Week

GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `add_comment` which relies on Node.js child process API `exec` to execute the GitHub (`gh`) command, is an unsafe and vulnerable API if concatenated with untrusted user input. As of time of publication, no known patches are available.

Node.js Command Injection
NVD GitHub
EPSS
0.2%
CVE-2025-51650 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

File Upload PHP RCE Command Injection Foxcms
NVD GitHub
CVSS 3.1
5.6
EPSS
0.1%
CVE-2025-7615 LOW POC Monitor

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.6%
CVE-2025-7614 LOW POC Monitor

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.6%
CVE-2025-7613 LOW POC Monitor

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.6%
CVE-2025-50756 CRITICAL POC Act Now

CVE-2025-50756 is a critical unauthenticated command injection vulnerability in the Wavlink WN535K3 router (firmware version 20191010) affecting the set_sys_adm function's newpass parameter. An unauthenticated remote attacker can execute arbitrary system commands with root privileges by sending a crafted request, enabling complete device compromise including data theft, malware installation, and lateral network movement. The CVSS 9.8 score reflects maximum severity; KEV status and active exploitation likelihood are elevated given the high exploitability characteristics (network-accessible, no authentication required, low attack complexity).

Command Injection Wn535k3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2025-7578 MEDIUM This Month

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.4%
CVE-2025-7451 CRITICAL PATCH Act Now

CVE-2025-7451 is a critical OS Command Injection vulnerability in iSherlock (developed by Hgiga) that allows unauthenticated remote attackers to execute arbitrary operating system commands on vulnerable servers with no authentication required. The vulnerability has active in-the-wild exploitation, carries a maximum CVSS score of 9.8, and poses immediate risk to all exposed instances. Organizations running iSherlock must apply patches immediately.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-7553 LOW Monitor

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection D-Link
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM This Month

OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
EPSS 72% 5.7 CVSS 10.0
CRITICAL POC THREAT Emergency

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Command Injection PHP D-Link +2
NVD Exploit-DB
EPSS 61% 5.2 CVSS 9.3
CRITICAL POC THREAT Emergency

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.7%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 47% 4.6 CVSS 8.6
HIGH POC THREAT Act Now

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 54% 4.8 CVSS 8.6
HIGH POC THREAT Act Now

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.7%.

Command Injection RCE
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE U Boot +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Week

A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload RCE +1
NVD
EPSS 0% CVSS 7.4
HIGH This Month

Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Month

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 74% 5.6 CVSS 9.3
CRITICAL POC THREAT Emergency

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 74.3% and no vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL PATCH This Week

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Apex One
NVD
EPSS 5% CVSS 9.4
CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise.

Command Injection Apex One
NVD
EPSS 0% CVSS 8.7
HIGH POC PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Claude Code
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL This Week

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL This Week

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ruckus Smartzone Firmware Ruckus Network Director
NVD
EPSS 0% CVSS 8.5
HIGH This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Ruckus Smartzone Firmware Ruckus Network Director
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Data Domain Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Unity Operating Environment
NVD
EPSS 14% CVSS 7.3
HIGH POC THREAT Act Now

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available.

Dell Command Injection Unity Operating Environment
NVD GitHub
EPSS 22% 4.0 CVSS 9.4
CRITICAL POC PATCH THREAT Act Now

Nest is a framework for building scalable Node.js server-side applications. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Command Injection RCE Node.js +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

Cursor is a code editor built for programming with AI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Cursor
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Information Disclosure Cursor
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Command Injection RCE 1panel +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Cursor is a code editor built for programming with AI. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cursor
NVD GitHub
EPSS 73% 5.4 CVSS 8.6
HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear Command Injection Dgn1000B Firmware
NVD Exploit-DB
EPSS 61% 5.2 CVSS 9.4
CRITICAL POC THREAT Emergency

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.0%.

Netgear Command Injection Dgn2200B Firmware
NVD Exploit-DB
EPSS 51% 4.7 CVSS 8.6
HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Command Injection D-Link Dir 615H Firmware
NVD Exploit-DB
EPSS 47% 4.6 CVSS 8.6
HIGH POC THREAT Act Now

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%.

Command Injection Linksys RCE
NVD Exploit-DB
EPSS 60% 5.0 CVSS 8.7
HIGH POC THREAT Act Now

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Command Injection
NVD GitHub
EPSS 62% 5.1 CVSS 8.7
HIGH POC THREAT Act Now

An OS command injection vulnerability exists in multiple D-Link routers-confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)-via the authenticated tools_vct.xgi CGI endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

Command Injection D-Link
NVD Exploit-DB VulDB
EPSS 51% 4.9 CVSS 9.3
CRITICAL POC THREAT Emergency

An OS command injection vulnerability exists in multiple Raidsonic NAS devices-specifically tested on IB-NAS5220 and IB-NAS4220-via the unauthenticated timeHandler.cgi endpoint exposed through the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.4%.

Command Injection
NVD Exploit-DB
EPSS 60% 5.2 CVSS 9.3
CRITICAL POC THREAT Emergency

An OS command injection vulnerability exists in various legacy D-Link routers-including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)-due to improper input handling in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 59.8%.

Command Injection PHP D-Link +2
NVD Exploit-DB
EPSS 0% CVSS 8.0
HIGH This Month

Alpine iLX-507 Command Injection Remote Code Execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Path Traversal +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ilx 507 Firmware
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.

Command Injection RCE Ptc310Uv2 Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Unauthenticated remote code execution in PrestaShop 8.2.0 is achievable via PHAR deserialization in the _getHeaders function, triggered through a crafted POST request. The publicly available proof-of-concept lowers the bar for exploitation against unpatched storefronts. No active KEV listing exists, but the network-accessible attack surface of e-commerce deployments and the confirmed exploit code make this a meaningful priority for PrestaShop 8.2.0 operators despite a low EPSS score of 0.77%.

Command Injection Deserialization RCE +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Remote code execution in PrestaShop 8.2.0 is achievable through a PHAR deserialization flaw in the theme import endpoint (/themes/import), where a crafted POST request containing a malicious PHP Archive triggers arbitrary code execution on the server. A publicly available proof-of-concept exploit exists on GitHub, lowering the technical barrier for skilled attackers. No active exploitation has been confirmed in CISA KEV, but the combination of a public POC and a targeted admin-facing endpoint warrants prompt remediation for any deployment on this version.

Command Injection Deserialization RCE +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Authenticated OS command injection in the PowerStick Wave Dual-Band Wifi Extender V1.0 lets a user with valid credentials run arbitrary commands as root via the /cgi-bin/cgi_vista.cgi endpoint. Because the device firmware runs its web management logic with root privileges, successful exploitation yields complete takeover of the extender. The single NVD reference is a public researcher gist that very likely contains proof-of-concept detail, though the flaw is not listed in CISA KEV and EPSS risk is modest (0.66%, 47th percentile).

Command Injection RCE
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 5.1.1 and 5.4.1 can resolve this issue. It is suggested to upgrade the affected component.

PHP Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote code execution in SMG Software Information Portal versions prior to 13.06.2025 allows attackers to upload web shells and inject OS commands, achieving full server compromise with a maximum CVSS score of 10.0. The vulnerability was reported by Turkey's national CERT (USOM) and no public exploit identified at time of analysis, though the trivial attack complexity and network-accessible nature make it a critical priority for any organization running the affected product.

File Upload Command Injection
NVD VulDB
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in TOTOLINK T6 firmware 4.1.5cu.748 allows authenticated remote attackers to execute arbitrary commands via the ckeckKeepAlive function in the MQTT Packet Handler component (wireless.so). The vulnerability requires valid user credentials and network access but results only in low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though the CVSS 2.1 score and EPSS 3.01% indicate low practical exploitation probability despite public disclosure.

Command Injection T6 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DIR-817L router firmware up to version 1.04B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in ssdpcgi, with publicly available exploit code disclosed and EPSS risk at 0.36% suggesting limited real-world exploitation despite network accessibility.

Command Injection D-Link Dir 817L Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Command injection in Eluktronics Control Center 5.23.51.41 allows local authenticated users to execute arbitrary PowerShell commands with elevated privileges through the AiStoneService component. The vulnerability has public exploit code available (CVSS E:P) and affects a PC hardware control software, enabling local privilege escalation. Vendor was notified but did not respond, leaving the vulnerability unpatched. EPSS data not available, but the local-only attack vector (AV:L) and authentication requirement (PR:L) limit widespread exploitation risk despite the critical CVSS 7.1 score.

Command Injection Control Center
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Command injection in D-Link DIR-816L firmware up to version 2.06B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in the Environment Variable Handler component. The vulnerability affects end-of-life hardware no longer receiving vendor support, with public exploit code available and low real-world exploitation probability despite network accessibility, limited only by requirement for valid authentication credentials.

Command Injection D-Link Dir 816L Firmware
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Xuxueli xxl-job up to version 3.1.1 allows authenticated remote attackers to execute arbitrary operating system commands via the commandJobHandler function in SampleXxlJob.java. The vulnerability has a publicly available exploit and is rated critical by the discoverer, though the CVSS 4.0 score of 2.1 reflects limited scope (authenticated access required, low confidentiality/integrity/availability impact). With EPSS at 0.71% (72nd percentile), real-world exploitation probability is low despite public POC availability.

Command Injection Xxl Job
NVD GitHub VulDB
EPSS 0%
This Week

GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `add_comment` which relies on Node.js child process API `exec` to execute the GitHub (`gh`) command, is an unsafe and vulnerable API if concatenated with untrusted user input. As of time of publication, no known patches are available.

Node.js Command Injection
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.

File Upload PHP RCE +2
NVD GitHub
EPSS 2% CVSS 2.1
LOW POC Monitor

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 2.1
LOW POC Monitor

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 2.1
LOW POC Monitor

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

CVE-2025-50756 is a critical unauthenticated command injection vulnerability in the Wavlink WN535K3 router (firmware version 20191010) affecting the set_sys_adm function's newpass parameter. An unauthenticated remote attacker can execute arbitrary system commands with root privileges by sending a crafted request, enabling complete device compromise including data theft, malware installation, and lateral network movement. The CVSS 9.8 score reflects maximum severity; KEV status and active exploitation likelihood are elevated given the high exploitability characteristics (network-accessible, no authentication required, low attack complexity).

Command Injection Wn535k3 Firmware
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

CVE-2025-7451 is a critical OS Command Injection vulnerability in iSherlock (developed by Hgiga) that allows unauthenticated remote attackers to execute arbitrary operating system commands on vulnerable servers with no authentication required. The vulnerability has active in-the-wild exploitation, carries a maximum CVSS score of 9.8, and poses immediate risk to all exposed instances. Organizations running iSherlock must apply patches immediately.

Command Injection
NVD
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection D-Link
NVD VulDB
Prev Page 24 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy