Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2024-57337 MEDIUM This Month

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE File Upload
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-5277 CRITICAL This Week

aws-mcp-server MCP server is vulnerable to command injection. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.4
EPSS
0.7%
CVE-2025-1753 PyPI HIGH POC PATCH This Month

LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection RCE Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-4009 CRITICAL POC THREAT Emergency

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Command Injection PHP Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
12.3%
CVE-2025-5265 MEDIUM PATCH This Month

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection RCE Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5264 MEDIUM PATCH This Month

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-5147 MEDIUM This Month

A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-5146 MEDIUM This Month

A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-5145 LOW Monitor

A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.1%
CVE-2025-5139 LOW POC Monitor

A vulnerability was found in Qualitor 8.20/8.24. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Command Injection PHP
NVD VulDB
CVSS 4.0
2.9
EPSS
2.9%
CVE-2025-5126 HIGH POC THREAT This Month

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
10.9%
CVE-2025-46176 MEDIUM This Month

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware Dir 816L Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-34873 HIGH This Week

On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-5106 MEDIUM This Month

A vulnerability was found in Fujian Kelixun 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2025-47780 MEDIUM POC Monitor

Asterisk is an open-source private branch exchange (PBX). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Command Injection Asterisk Certified Asterisk
NVD GitHub
CVSS 4.0
4.8
EPSS
0.6%
CVE-2025-32813 HIGH POC THREAT Act Now

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.3% and no vendor patch available.

Command Injection Netmri
NVD
CVSS 3.1
7.2
EPSS
10.3%
CVE-2025-3883 HIGH This Month

eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE Cph2 Echarge Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2025-3882 HIGH This Month

eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE Cph2 Echarge Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2025-3881 HIGH This Month

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE Cph2 Echarge Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2025-48069 LIB MEDIUM PATCH This Month

ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-5030 Go LOW POC Monitor

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Killwxapkg
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.6%
CVE-2025-20258 MEDIUM This Month

A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cisco Duo
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-4008 HIGH POC KEV THREAT Act Now

Meteobridge weather station web interface contains a command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands through crafted requests to CGI endpoints.

Command Injection Meteobridge Vm Meteobridge Firmware
NVD
CVSS 4.0
8.7
EPSS
45.9%
Threat
6.1
CVE-2025-48204 PHP MEDIUM PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 allows command injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2024-42922 MEDIUM POC This Week

AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aapanel
NVD GitHub
CVSS 3.1
6.5
EPSS
6.1%
CVE-2025-27804 MEDIUM This Month

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-5000 MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware Fgw3000 Hk Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2025-4999 MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware Fgw3000 Hk Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2025-44882 CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Command Injection Wl Wn579a3 Firmware
NVD
CVSS 3.1
9.8
EPSS
13.0%
CVE-2025-44880 CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Command Injection Wl Wn579a3 Firmware
NVD
CVSS 3.1
9.8
EPSS
13.0%
CVE-2025-44881 CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

RCE Command Injection Code Injection Wl Wn579a3 Firmware
NVD
CVSS 3.1
9.8
EPSS
13.0%
CVE-2025-44084 CRITICAL Act Now

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2025-41225 HIGH This Week

The vCenter Server contains an authenticated command-execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection VMware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43714 MEDIUM POC This Month

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Chatgpt
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-55063 HIGH POC This Week

Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Dc Netscope
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2025-4851 MEDIUM This Month

A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N300rh Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.4%
CVE-2025-4850 MEDIUM This Month

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N300rh Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.4%
CVE-2025-4849 MEDIUM This Month

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N300rh Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.4%
CVE-2025-4747 MEDIUM This Month

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-4729 MEDIUM This Month

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection A3002r Firmware A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.4%
CVE-2024-6486 HIGH POC This Week

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection WordPress RCE Imagemagick Engine
NVD WPScan
CVSS 3.1
7.2
EPSS
3.5%
CVE-2025-32002 CRITICAL This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2025-47782 PyPI HIGH PATCH This Month

motionEye is an online interface for the software motion, a video surveillance program with motion detection. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-24022 HIGH This Week

iTop is an web based IT Service Management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Itop
NVD GitHub
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-54780 HIGH POC PATCH This Week

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection Pfsense Ce Pfsense Plus
NVD
CVSS 3.1
8.8
EPSS
8.1%
CVE-2025-43562 CRITICAL This Week

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Coldfusion
NVD
CVSS 3.1
9.1
EPSS
8.4%
CVE-2025-32702 HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-45858 CRITICAL POC THREAT Emergency

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
15.4%
CVE-2024-46506 CRITICAL POC THREAT Emergency

NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection through the settings update API. The savesettings function lacks authentication, enabling attackers to modify arbitrary configuration values and inject OS commands that execute on the host system.

Command Injection PHP Authentication Bypass Netalertx
NVD
CVSS 3.1
10.0
EPSS
91.5%
Threat
6.2
CVE-2025-40582 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-33025 CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2025-33024 CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2025-32469 CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2025-26389 CRITICAL This Week

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ozw672 Firmware Ozw772 Firmware
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2025-30012 CRITICAL This Week

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Deserialization Java Supplier Relationship Management
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2024-55466 MEDIUM POC This Month

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload Thingsboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-44176 MEDIUM POC This Month

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda RCE Fh451 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2025-29509 HIGH This Week

Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-28203 HIGH This Month

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection Rx1800 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-12442 CRITICAL Act Now

EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-11861 CRITICAL Act Now

EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-4454 MEDIUM This Month

A vulnerability was found in D-Link DIR-619L 2.04B04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2025-4453 MEDIUM This Month

A vulnerability was found in D-Link DIR-619L 2.04B04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2025-4445 MEDIUM This Month

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2025-4443 MEDIUM This Month

A vulnerability was found in D-Link DIR-605L 2.13B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.7%
CVE-2025-45798 CRITICAL POC Act Now

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-44023 MEDIUM This Month

An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51295 MEDIUM POC This Month

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Event Booking Calendar
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-31644 HIGH This Week

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.5
EPSS
0.6%
CVE-2025-47203 MEDIUM This Month

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
4.5
EPSS
0.2%
CVE-2025-32821 HIGH This Week

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 100 Firmware Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-20213 MEDIUM This Month

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20194 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Command Injection Cisco Ios Xe
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-20193 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Command Injection Cisco Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-20186 HIGH This Month

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Command Injection Cisco Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2025-29154 MEDIUM This Month

HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-46816 Go CRITICAL PATCH Act Now

goshs is a SimpleHTTPServer written in Go. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Suse
NVD GitHub
CVSS 3.0
9.4
EPSS
0.2%
CVE-2025-4041 CRITICAL Act Now

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-46735 Go LOW Monitor

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Hashicorp Windows
NVD GitHub
CVSS 4.0
1.1
EPSS
0.3%
CVE-2025-26262 MEDIUM This Month

An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-22476 MEDIUM This Month

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Storage Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-45492 CRITICAL POC Act Now

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Ex8000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2025-45491 CRITICAL POC THREAT Emergency

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-45490 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-45489 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-45488 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.5%
CVE-2025-45487 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-4357 MEDIUM POC This Month

A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Rx3 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
7.0%
CVE-2025-4350 HIGH This Week

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 600L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
5.3%
CVE-2025-4349 HIGH This Week

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 600L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
5.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE File Upload
NVD
EPSS 1% CVSS 9.4
CRITICAL This Week

aws-mcp-server MCP server is vulnerable to command injection. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Month

LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection RCE Llamaindex +1
NVD GitHub
EPSS 12% CVSS 9.3
CRITICAL POC THREAT Emergency

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Command Injection PHP Authentication Bypass
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection RCE +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW Monitor

A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 3% CVSS 2.9
LOW POC Monitor

A vulnerability was found in Qualitor 8.20/8.24. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Command Injection PHP
NVD VulDB
EPSS 11% CVSS 7.4
HIGH POC THREAT This Month

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

A vulnerability was found in Fujian Kelixun 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 1% CVSS 4.8
MEDIUM POC Monitor

Asterisk is an open-source private branch exchange (PBX). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Command Injection Asterisk +1
NVD GitHub
EPSS 10% CVSS 7.2
HIGH POC THREAT Act Now

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.3% and no vendor patch available.

Command Injection Netmri
NVD
EPSS 0% CVSS 8.8
HIGH This Month

eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE +1
NVD
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Suse
NVD GitHub
EPSS 1% CVSS 2.3
LOW POC Monitor

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Killwxapkg
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cisco Duo
NVD
EPSS 46% 6.1 CVSS 8.7
HIGH POC KEV THREAT Act Now

Meteobridge weather station web interface contains a command injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands through crafted requests to CGI endpoints.

Command Injection Meteobridge Vm Meteobridge Firmware
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The ns_backup extension through 13.0.0 for TYPO3 allows command injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 6% CVSS 6.5
MEDIUM POC This Week

AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aapanel
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware +1
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys Fgw3000 Ah Firmware +1
NVD GitHub VulDB
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Command Injection Wl Wn579a3 Firmware
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Command Injection Wl Wn579a3 Firmware
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

RCE Command Injection Code Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The vCenter Server contains an authenticated command-execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection VMware
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Chatgpt
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Dc Netscope
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N300rh Firmware TOTOLINK
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N300rh Firmware TOTOLINK
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N300rh Firmware TOTOLINK
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection A3002r Firmware A3002ru Firmware +1
NVD GitHub VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection WordPress RCE +1
NVD WPScan
EPSS 1% CVSS 9.3
CRITICAL This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 8.9
HIGH PATCH This Month

motionEye is an online interface for the software motion, a video surveillance program with motion detection. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.5
HIGH This Week

iTop is an web based IT Service Management tool. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Itop
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC PATCH This Week

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection +2
NVD
EPSS 8% CVSS 9.1
CRITICAL This Week

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Coldfusion
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Visual Studio 2019 Visual Studio 2022
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 91% 6.2 CVSS 10.0
CRITICAL POC THREAT Emergency

NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection through the settings update API. The savesettings function lacks authentication, enabling attackers to modify arbitrary configuration values and inject OS commands that execute on the host system.

Command Injection PHP Authentication Bypass +1
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
EPSS 1% CVSS 9.4
CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 1% CVSS 9.4
CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 1% CVSS 9.4
CRITICAL This Week

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 1% CVSS 10.0
CRITICAL This Week

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Ozw672 Firmware +1
NVD
EPSS 2% CVSS 10.0
CRITICAL This Week

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Deserialization +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda RCE +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Month

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in D-Link DIR-619L 2.04B04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 619l Firmware
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in D-Link DIR-619L 2.04B04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 619l Firmware
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in D-Link DIR-605L 2.13B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 605l Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Event Booking Calendar
NVD
EPSS 1% CVSS 8.5
HIGH This Week

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +19
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sma 100 Firmware Sma 200 Firmware +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Catalyst Sd Wan Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Command Injection Cisco +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Command Injection Cisco +1
NVD
EPSS 1% CVSS 8.8
HIGH This Month

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Command Injection Cisco +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

goshs is a SimpleHTTPServer written in Go. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Suse
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass
NVD
EPSS 0% CVSS 1.1
LOW Monitor

Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Hashicorp +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Storage Manager
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Ex8000 Firmware
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Emergency

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 7% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Rx3 Firmware
NVD GitHub VulDB
EPSS 5% CVSS 8.7
HIGH This Week

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 600L Firmware
NVD GitHub VulDB
EPSS 5% CVSS 8.7
HIGH This Week

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 600L Firmware
NVD GitHub VulDB
Prev Page 27 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy