ReportizFlow
Filtered by vendor
Subscriptions
Total
5775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37172 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-33206 | 2 Linux, Nvidia | 3 Linux, Linux Kernel, Nsight Graphics | 2026-02-26 | 7.8 High |
| NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service. | ||||
| CVE-2023-47565 | 1 Qnap | 1 Qvr Firmware | 2026-02-26 | 8 High |
| An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later | ||||
| CVE-2025-33228 | 1 Nvidia | 1 Cuda Toolkit | 2026-02-26 | 7.3 High |
| NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | ||||
| CVE-2025-33230 | 2 Linux, Nvidia | 2 Linux Kernel, Cuda Toolkit | 2026-02-26 | 7.3 High |
| NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. | ||||
| CVE-2025-13942 | 1 Zyxel | 36 Dx4510-b0, Dx4510-b0 Firmware, Dx4510-b1 and 33 more | 2026-02-26 | 9.8 Critical |
| A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests. | ||||
| CVE-2025-13943 | 1 Zyxel | 104 Am7510-00, Am7510-00 Firmware, Ax7501-b1 and 101 more | 2026-02-26 | 8.8 High |
| A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device. | ||||
| CVE-2025-70328 | 1 Totolink | 2 X6000r, X6000r Firmware | 2026-02-26 | 8.8 High |
| TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters. | ||||
| CVE-2023-48428 | 1 Siemens | 1 Sinec Ins | 2026-02-25 | 7.2 High |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level. | ||||
| CVE-2022-34883 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2026-02-25 | 7.2 High |
| OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | ||||
| CVE-2023-48782 | 1 Fortinet | 1 Fortiwlm | 2026-02-25 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters | ||||
| CVE-2025-70329 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-02-24 | 8 High |
| TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the CsteSystem function without adequate validation or filtering. This allows an authenticated attacker to execute arbitrary shell commands with root privileges by injecting shell metacharacters into the affected parameters. | ||||
| CVE-2025-64328 | 2 Freepbx, Sangoma | 4 Endpoint Manager, Filestore, Freepbx and 1 more | 2026-02-24 | 7.2 High |
| FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3. | ||||
| CVE-2024-38882 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | 9.8 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. | ||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2026-02-24 | 7.7 High |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | ||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2026-02-24 | 8.4 High |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | ||||
| CVE-2025-15254 | 1 Tenda | 2 W6-s, W6-s Firmware | 2026-02-24 | 6.3 Medium |
| A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-14586 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-02-24 | 6.3 Medium |
| A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-14094 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-02-24 | 4.7 Medium |
| A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14093 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-02-24 | 4.7 Medium |
| A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||