ReportizFlow
Filtered by vendor
Subscriptions
Total
3451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0039 | 1 Sgi | 1 Irix | 2026-04-16 | 7.3 High |
| webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. | ||||
| CVE-2005-2793 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. | ||||
| CVE-2026-21518 | 1 Microsoft | 2 Visual Studio Code, Visual Studio Code Copilot Chat Extension | 2026-04-15 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-21522 | 1 Microsoft | 3 Confcom, Confidental Containers, Microsoft Aci Confidential Containers | 2026-04-15 | 6.7 Medium |
| Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21516 | 1 Microsoft | 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot | 2026-04-15 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-21257 | 1 Microsoft | 2 Visual Studio 2022, Visual Studio 2026 | 2026-04-15 | 8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21256 | 1 Microsoft | 2 Visual Studio 2022, Visual Studio 2026 | 2026-04-15 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-20841 | 1 Microsoft | 2 Window Notepad, Windows Notepad | 2026-04-15 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-22719 | 1 Vmware | 4 Aria Operations, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2026-04-15 | 8.1 High |
| VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the ' Response Matrix https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ' in VMSA-2026-0001 | ||||
| CVE-2026-32194 | 1 Microsoft | 1 Bing Images | 2026-04-15 | 9.8 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-35558 | 4 Amazon, Apple, Linux and 1 more | 5 Amazon Athena Odbc Driver, Athena Odbc, Macos and 2 more | 2026-04-15 | 7.8 High |
| Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-6112 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-15 | 9.8 Critical |
| A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-14545 | 2 Icopydoc, Wordpress | 2 Yml For Yandex Market, Wordpress | 2026-04-15 | 6.5 Medium |
| The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. | ||||
| CVE-2025-61141 | 1 Sqls-server | 1 Sqls | 2026-04-15 | 7.5 High |
| sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. | ||||
| CVE-2025-5146 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the argument pwd leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-5878 | 1 Honeywell | 1 Onewireless Network Wireless Device Manager | 2026-04-15 | N/A |
| Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product2. | ||||
| CVE-2024-7397 | 1 Korenix | 1 Jetport5601v3 | 2026-04-15 | N/A |
| Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2. | ||||
| CVE-2025-54564 | 1 Chargepoint | 1 Home Flex | 2026-04-15 | 7.8 High |
| uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. | ||||
| CVE-2024-29404 | 1 Razer | 1 Synapse | 2026-04-15 | 7.8 High |
| An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. | ||||
| CVE-2025-2733 | 1 Mannaandpoem | 1 Openmanus | 2026-04-15 | 6.3 Medium |
| A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||