Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2025-0255 HIGH This Week

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-2701 MEDIUM POC This Month

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Hibos
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.9%
CVE-2025-29230 HIGH This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2025-29227 MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-29226 MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2025-29223 MEDIUM This Month

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-8156 CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-10019 MEDIUM POC This Month

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-25220 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2025-24306 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.6%
CVE-2025-22473 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22472 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-48017 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-48015 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-48830 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-12992 HIGH This Week

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.6 . Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-12971 HIGH POC THREAT Act Now

Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS command execution. The improper neutralization of special elements in monitoring agent communication enables attackers to execute arbitrary commands on the Pandora FMS server with the application's privileges.

Command Injection Pandora Fms
NVD
CVSS 4.0
8.6
EPSS
73.6%
Threat
5.4
CVE-2025-2367 MEDIUM This Month

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-30076 HIGH This Week

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2023-33300 MEDIUM This Month

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortinac
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2024-46662 HIGH This Week

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Fortinet Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8402 LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Command Injection Gitlab Google
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-20138 HIGH CERT-EU This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Cisco Ios Xr
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-27763 PyPI MEDIUM This Month

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13871 CRITICAL Act Now

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Box Firmware
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-26627 HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Command Injection Microsoft
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-24049 HIGH PATCH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. [CVSS 8.4 HIGH]

Command Injection Microsoft Suse
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-54018 HIGH This Week

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. [CVSS 7.2 HIGH]

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-22368 This Week

The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS
0.4%
CVE-2025-22367 This Week

The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS
0.4%
CVE-2025-22366 This Week

The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS
0.4%
CVE-2025-27398 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. [CVSS 2.7 LOW]

Command Injection Siemens
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-27394 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-27393 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-27392 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-12010 HIGH This Week

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-12009 HIGH This Week

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-11253 HIGH This Week

A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-2096 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2025-2095 MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2025-2094 MEDIUM POC This Month

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.9%
CVE-2024-53700 MEDIUM This Month

A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-53692 MEDIUM This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-50390 HIGH This Week

A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
7.7
EPSS
0.4%
CVE-2025-26331 HIGH This Week

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13892 HIGH This Week

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.7
EPSS
0.5%
CVE-2025-24864 HIGH This Week

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Privilege Escalation Windows
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-22447 HIGH This Week

Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Privilege Escalation Windows
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-25632 CRITICAL POC THREAT Emergency

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Command Injection Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.8%
CVE-2025-1316 CRITICAL KEV THREAT Emergency

Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life.

Command Injection RCE Ic 7100 Firmware
NVD
CVSS 4.0
9.3
EPSS
85.1%
CVE-2025-1947 MEDIUM POC This Month

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.9%
CVE-2025-1946 MEDIUM POC This Month

A vulnerability was found in hzmanyun Education and Training System 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
4.8%
CVE-2025-26320 MEDIUM This Month

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Broadlinkmanager D-Link
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-47259 LOW Monitor

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection File Upload Axis Os Axis Os 2024
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-27423 HIGH PATCH This Week

Vim is an open source, command line text editor. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Vim Hci Compute Node Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%
CVE-2025-1845 MEDIUM This Month

A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dsm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2025-1829 MEDIUM POC This Month

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.4%
CVE-2025-1819 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tenda Ac7 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.7%
CVE-2025-1800 MEDIUM POC This Month

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-23119 HIGH This Week

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Command Injection RCE Ubiquiti
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-53944 CRITICAL Act Now

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2025-20161 MEDIUM This Month

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-20117 MEDIUM This Month

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root&nbsp;on the underlying operating system of an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-25813 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25802 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25797 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25796 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25794 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25793 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25792 MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-25791 MEDIUM POC This Month

An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload Yzncms
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-27146 npm LOW PATCH Monitor

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Node.js Matrix Irc Bridge
NVD GitHub
CVSS 3.1
2.7
EPSS
0.4%
CVE-2025-1676 MEDIUM This Month

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.4%
CVE-2024-57685 MEDIUM This Month

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Sparkshop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27140 CRITICAL POC PATCH Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP RCE Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
6.0%
CVE-2024-57608 MEDIUM This Month

An issue in Via Browser 6.1.0 allows a a remote attacker to execute arbitrary code via the mark.via.Shell component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27364 CRITICAL Act Now

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
4.6%
CVE-2025-22495 HIGH This Week

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-27298 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection.5.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection CSRF
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-1616 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection An5506 01A Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-1610 MEDIUM POC This Month

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-1609 MEDIUM POC This Month

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-1608 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-27106 HIGH This Week

binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
1.5%
CVE-2025-25768 MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Mrcms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25605 MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-25604 MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
5.6%
CVE-2025-25766 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload Mrcms
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-1546 MEDIUM This Month

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2025-1536 MEDIUM This Month

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
2.1%
EPSS 1% CVSS 7.2
HIGH This Week

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Hcl Devops Deploy Hcl Launch
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Hibos
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC This Month

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Path Traversal +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.6 . Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
EPSS 74% 5.4 CVSS 8.6
HIGH POC THREAT Act Now

Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS command execution. The improper neutralization of special elements in monitoring agent communication enables attackers to execute arbitrary commands on the Pandora FMS server with the application's privileges.

Command Injection Pandora Fms
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM This Month

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortinac
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Fortinet +2
NVD
EPSS 0% CVSS 3.7
LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Command Injection Gitlab Google
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Cisco +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Box Firmware
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Command Injection Microsoft
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. [CVSS 8.4 HIGH]

Command Injection Microsoft Suse
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. [CVSS 7.2 HIGH]

Command Injection
NVD
EPSS 0%
This Week

The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS 0%
This Week

The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS 0%
This Week

The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS 0% CVSS 2.7
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. [CVSS 2.7 LOW]

Command Injection Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Privilege Escalation +1
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Emergency

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Command Injection Tenda Ac15 Firmware
NVD GitHub
EPSS 85% CVSS 9.3
CRITICAL KEV THREAT Emergency

Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life.

Command Injection RCE Ic 7100 Firmware
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
EPSS 5% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in hzmanyun Education and Training System 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD VulDB GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Broadlinkmanager D-Link
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection File Upload Axis Os +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vim is an open source, command line text editor. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Vim Hci Compute Node +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dsm
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tenda Ac7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Command Injection RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root&nbsp;on the underlying operating system of an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Application Policy Infrastructure Controller
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload +1
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Node.js Matrix Irc Bridge
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Sparkshop
NVD GitHub
EPSS 6% CVSS 10.0
CRITICAL POC PATCH Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in Via Browser 6.1.0 allows a a remote attacker to execute arbitrary code via the mark.via.Shell component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 5% CVSS 10.0
CRITICAL Act Now

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection.5.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection CSRF
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection An5506 01A Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
EPSS 1% CVSS 7.7
HIGH This Week

binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Mrcms
NVD
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload +1
NVD
EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
Prev Page 30 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy