Skip to main content

OS Command Injection

web CRITICAL

OS command injection occurs when an application passes unsanitized user input directly into system shell commands.

How It Works

OS command injection occurs when an application passes unsanitized user input directly into system shell commands. Instead of treating input as pure data, the shell interprets special characters as command separators or modifiers, allowing attackers to append arbitrary commands. Common injection points include system(), exec(), popen(), and backtick operators in languages like PHP, Python, and Ruby.

Attackers exploit shell metacharacters to break out of the intended command context. On both Unix and Windows, semicolons (;), pipes (|), and logical operators (&&, ||) chain multiple commands. Unix shells additionally interpret backticks and $() for command substitution, while newlines can also separate statements. For example, if an application executes ping -c 4 $USER_IP, an attacker supplying 8.8.8.8; cat /etc/passwd causes the server to run two commands sequentially.

Attacks manifest in three variants. Visible injection returns command output in the HTTP response, giving immediate feedback. Blind injection produces no direct output, requiring time-based detection (using sleep or timeout commands) or out-of-band confirmation via DNS lookups or HTTP callbacks to attacker-controlled servers. Attackers can also redirect output to web-accessible files for later retrieval.

Impact

  • Complete server compromise — execute any command with the application's privileges, often www-data or root
  • Lateral movement — scan internal networks, pivot to backend systems unreachable from the internet
  • Data exfiltration — dump databases, read configuration files containing credentials, access sensitive business data
  • Persistence mechanisms — install cron jobs, add SSH keys, deploy web shells for continued access
  • Denial of service — crash services, fill disk space, consume CPU resources
  • Supply chain attacks — modify application code or deployment artifacts to compromise downstream users

Real-World Examples

The Ivanti Cloud Service Appliance suffered CVE-2024-8190, where command injection in the administrative interface allowed unauthenticated attackers to execute arbitrary OS commands. CISA added it to the Known Exploited Vulnerabilities catalog after observing active exploitation against enterprise networks.

GitLab experienced multiple command injection vulnerabilities over the years, including issues in repository import functionality where Git URLs containing shell metacharacters were passed unsanitized to system commands, enabling remote code execution on self-hosted instances.

Network equipment frequently contains these flaws. Various Netgear routers have exhibited command injection in ping diagnostic tools, where user-supplied IP addresses were concatenated directly into shell commands without validation, granting attackers complete device control.

Mitigation

  • Eliminate OS commands entirely — use native language libraries (filesystem APIs, network functions) instead of shelling out
  • Strict input allowlisting — permit only exact matches against predefined values; validate format with regex before any processing
  • Parameterized execution APIs — use execve() or language equivalents that pass arguments as arrays, bypassing the shell interpreter completely
  • Principle of least privilege — run application processes with minimal permissions to limit compromise impact
  • Input validation — enforce expected patterns (IP addresses, alphanumeric IDs) but never rely on blacklisting metacharacters

Recent CVEs (7746)

EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection RCE
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Week

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Month

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl 7740C Firmware
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in DCN DCME-720 9.1.5.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Month

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 7400G Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart 2K Plug In Wi Fi Video Doorbell With Chime Firmware
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Command Injection
NVD
EPSS 0% CVSS 2.9
LOW POC Monitor

A flaw has been found in wong2 mcp-cli 1.13.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH This Week

The StrongDM macOS client incorrectly processed JSON-formatted messages. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple macOS
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The StrongDM Windows service incorrectly handled input validation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
EPSS 0% CVSS 1.9
LOW Monitor

A security flaw has been discovered in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was determined in neurobin shc up to 4.0.3. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload RCE
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH This Week

screenshot-desktop allows capturing a screenshot of your local machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Deserialization RCE
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Week

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3002r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection PostgreSQL Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL This Week

In vowifi service, there is a possible command injection due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In engineer mode service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
EPSS 2% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Claude Code
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in D-Link DIR-860L 2.04.B04. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection RCE +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP RCE
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM Monitor

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
EPSS 8% CVSS 9.4
CRITICAL KEV THREAT Emergency

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerability to CVE-2025-8875.

Command Injection N Central
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection CSRF
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW Monitor

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 44% 4.7 CVSS 9.4
CRITICAL POC THREAT Emergency

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Olivetin Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Nvidia RCE +2
NVD
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Cherry Studio
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC PATCH This Month

Cherry Studio is a desktop client that supports for multiple LLM providers. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Cherry Studio
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiadc
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
EPSS 45% 4.8 CVSS 9.8
CRITICAL POC THREAT Emergency

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.9% and no vendor patch available.

Command Injection Fortinet Fortisiem
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Month

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Visual Studio 2022
NVD
EPSS 52% 4.9 CVSS 9.4
CRITICAL POC THREAT Emergency

Openfiler v2.x contains a command injection vulnerability in the system.html page. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.2%.

Command Injection
NVD Exploit-DB
EPSS 44% 4.7 CVSS 9.4
CRITICAL POC THREAT Emergency

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Command Injection RCE
NVD Exploit-DB
EPSS 63% 5.2 CVSS 9.3
CRITICAL POC THREAT Emergency

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Java
NVD VulDB
EPSS 50% 4.7 CVSS 8.7
HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
EPSS 53% 4.9 CVSS 9.3
CRITICAL POC THREAT Emergency

The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.9%.

Command Injection
NVD Exploit-DB
EPSS 54% 5.0 CVSS 9.3
CRITICAL POC THREAT Emergency

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

Command Injection PHP RCE
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Month

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
EPSS 0% CVSS 4.5
MEDIUM Monitor

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 4.5). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

EnzoH has an OS command injection vulnerability. Rated medium severity (CVSS 5.0). No vendor patch available.

Command Injection Information Disclosure Enzoh W5611T Firmware
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Directory Manager
NVD
EPSS 14% CVSS 9.4
CRITICAL POC THREAT Emergency

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 9.4
CRITICAL This Week

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 4% CVSS 8.7
HIGH POC This Week

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Command Injection RCE +1
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5.py of the component Model Context Protocol Handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
Prev Page 23 of 87 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
7746

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy