ReportizFlow
Filtered by vendor
Subscriptions
Total
5757 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43778 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2026-04-15 | 8.8 High |
| OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2025-20292 | 1 Cisco | 2 Nx-os, Unified Computing System Manager | 2026-04-15 | 4.4 Medium |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by entering crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to read and write files on the underlying operating system with the privileges of a non-root user account. File system access is limited to the permissions that are granted to that non-root user account. | ||||
| CVE-2024-20295 | 1 Cisco | 1 Integrated Management Controller | 2026-04-15 | 8.8 High |
| A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | ||||
| CVE-2024-29167 | 2026-04-15 | 7.2 High | ||
| SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | ||||
| CVE-2024-28748 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2026-04-15 | 7.2 High |
| A remote attacker with high privileges may use a reading file function to inject OS commands. | ||||
| CVE-2025-20061 | 1 Myscada | 1 Mypro Manager | 2026-04-15 | 9.8 Critical |
| mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. | ||||
| CVE-2025-26055 | 2026-04-15 | 6.5 Medium | ||
| An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function. | ||||
| CVE-2021-35402 | 1 Prolink | 1 Prc2402m | 2026-04-15 | 10 Critical |
| PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status). | ||||
| CVE-2025-34117 | 1 Netis-systems | 1 Netcore Router Firmware | 2026-04-15 | N/A |
| A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability. | ||||
| CVE-2025-53100 | 2026-04-15 | N/A | ||
| RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated remote command injection attack on a running MCP Server. This issue has been patched in version 0.2.2. | ||||
| CVE-2012-10059 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2026-04-15 | N/A |
| Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | ||||
| CVE-2025-27079 | 2026-04-15 | 6 Medium | ||
| A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Successful exploitation could allow an attacker to execute arbitrary operating system commands on the underlying operating system leading to potential system compromise. | ||||
| CVE-2025-34319 | 1 Totolink | 2 N300rt, N300rt Firmware | 2026-04-15 | N/A |
| TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter. | ||||
| CVE-2024-12985 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. This vulnerability affects unknown code of the file /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-59518 | 1 Lemonldap-ng | 1 Lemonldap::ng | 2026-04-15 | 8 High |
| In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server. | ||||
| CVE-2024-43652 | 2026-04-15 | 8.8 High | ||
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate – The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical – The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. | ||||
| CVE-2023-4856 | 2026-04-15 | 8.8 High | ||
| A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint. | ||||
| CVE-2025-3361 | 1 Hgiga | 1 Isherlock | 2026-04-15 | 9.8 Critical |
| The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||||
| CVE-2024-29640 | 2026-04-15 | 9.8 Critical | ||
| An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | ||||
| CVE-2025-25220 | 2026-04-15 | N/A | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker. | ||||