ReportizFlow
Filtered by vendor
Subscriptions
Total
3448 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20096 | 1 Cisco | 3 Enterprise Nfv Infrastructure Software, Unified Computing System, Unified Computing System Software | 2026-04-22 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root. | ||||
| CVE-2025-24818 | 1 Nokia | 1 Mantaray Nm | 2026-04-22 | 8 High |
| Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application. | ||||
| CVE-2026-31170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2016-6367 | 1 Cisco | 30 Adaptive Security Appliance Software, Asa 5500, Asa 5500-x and 27 more | 2026-04-22 | 7.8 High |
| Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | ||||
| CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2026-04-22 | 9.8 Critical |
| (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | ||||
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2026-04-22 | 8.8 High |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||||
| CVE-2026-3517 | 1 Progress | 4 Ecs Connection Manager, Loadmaster, Moveit Waf and 1 more | 2026-04-22 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command | ||||
| CVE-2026-3518 | 1 Progress | 4 Ecs Connection Manager, Loadmaster, Moveit Waf and 1 more | 2026-04-22 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command | ||||
| CVE-2026-3519 | 1 Progress | 4 Ecs Connection Manager, Loadmaster, Moveit Waf and 1 more | 2026-04-22 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command | ||||
| CVE-2026-4048 | 1 Progress | 4 Ecs Connection Manager, Loadmaster, Moveit Waf and 1 more | 2026-04-22 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. | ||||
| CVE-2026-30898 | 1 Apache | 1 Airflow | 2026-04-22 | 8.8 High |
| An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advice. | ||||
| CVE-2026-4497 | 1 Totolink | 2 Wa300, Wa300 Firmware | 2026-04-22 | 7.3 High |
| A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5679 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | 5.5 Medium |
| A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5689 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-22 | 7.3 High |
| A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2026-2256 | 1 Modelscope | 1 Ms-agent | 2026-04-22 | 6.5 Medium |
| A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input. | ||||
| CVE-2026-3696 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-04-22 | 7.3 High |
| A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5690 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-22 | 7.3 High |
| A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5692 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-22 | 7.3 High |
| A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2025-4089 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 5.1 Medium |
| Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||||
| CVE-2010-4345 | 5 Canonical, Debian, Exim and 2 more | 5 Ubuntu Linux, Debian Linux, Exim and 2 more | 2026-04-21 | 7.8 High |
| Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. | ||||