Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-10029

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-05 Aug, 2025 | 20:03
Updated At-15 May, 2026 | 11:13
Rejected At-
Credits

Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:05 Aug, 2025 | 20:03
Updated At:15 May, 2026 | 11:13
Rejected At:
▼CVE Numbering Authority (CNA)
Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.

Affected Products
Vendor
Nagios Enterprises, LLCNagios Enterprises
Product
Nagios XI Graph Explorer
Modules
  • visApi.php within the Graph Explorer plugin
Default Status
unaffected
Versions
Affected
  • From 0 before 1.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-88CAPEC-88 OS Command Injection
CAPEC ID: CAPEC-88
Description: CAPEC-88 OS Command Injection
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Daniel Compton
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
exploit
https://www.exploit-db.com/exploits/23227
exploit
https://packetstorm.news/files/id/118705/
exploit
https://www.nagios.com/products/nagios-xi/
product
https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection
third-party-advisory
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
Resource:
exploit
Hyperlink: https://www.exploit-db.com/exploits/23227
Resource:
exploit
Hyperlink: https://packetstorm.news/files/id/118705/
Resource:
exploit
Hyperlink: https://www.nagios.com/products/nagios-xi/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
exploit
https://www.exploit-db.com/exploits/23227
exploit
https://packetstorm.news/files/id/118705/
exploit
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
Resource:
exploit
Hyperlink: https://www.exploit-db.com/exploits/23227
Resource:
exploit
Hyperlink: https://packetstorm.news/files/id/118705/
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:05 Aug, 2025 | 20:15
Updated At:06 Aug, 2025 | 16:15

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-78Secondarydisclosure@vulncheck.com
CWE ID: CWE-78
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://packetstorm.news/files/id/118705/disclosure@vulncheck.com
N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rbdisclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/23227disclosure@vulncheck.com
N/A
https://www.nagios.com/products/nagios-xi/disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injectiondisclosure@vulncheck.com
N/A
https://packetstorm.news/files/id/118705/134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
https://www.exploit-db.com/exploits/23227134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://packetstorm.news/files/id/118705/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/23227
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.nagios.com/products/nagios-xi/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/nagios-xi-network-monitor-graph-explorer-component-auth-command-injection
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://packetstorm.news/files/id/118705/
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/nagios_graph_explorer.rb
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/23227
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

66Records found

CVE-2025-34288
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-1.76% / 75.31%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 22:17
Updated-14 May, 2026 | 02:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiNagios XI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-9717
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.6||HIGH
EPSS-1.19% / 64.20%
||
7 Day CHG+0.19%
Published-25 Jun, 2026 | 15:05
Updated-25 Jun, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

Action-Not Available
Vendor-Schneider Electric SE
Product-PowerLogic™ P7
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-56808
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.55% / 72.09%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 06:00
Updated-30 Jun, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.

Action-Not Available
Vendor-AVTECH Security Corporation
Product-DGM3103SCT
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-53876
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.79% / 75.64%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 04:56
Updated-17 Jun, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator.

Action-Not Available
Vendor-Micro-Star International Co., Ltd.
Product-RadiX AX6600 WiFi 6 Tri-Band Gaming Router
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-55975
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.65% / 46.78%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 22:58
Updated-29 Jun, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H.VIEW HV-500S6 IP Camera OS Command Injection

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation.

Action-Not Available
Vendor-H.VIEW
Product-HV-500S6 IP Camera
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-50043
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.13% / 62.45%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 06:53
Updated-01 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.

Action-Not Available
Vendor-Seiko Solutions Inc.
Product-SkyBridge MB-A100/MB-A110
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-4627
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-2.02% / 78.64%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 03:32
Updated-24 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-825/DIR-825R NTP Service libdeuteron_modules.so handler_update_system_time os command injection

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-825RDIR-825
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-4611
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-3.03% / 85.89%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 21:13
Updated-03 Apr, 2026 | 11:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X6000R shttpd setLanCfg privilege escalation

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.

Action-Not Available
Vendor-TOTOLINK
Product-x6000r_firmwarex6000rX6000R
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-40520
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-1.38% / 68.78%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-23 Apr, 2026 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreePBX api module Command Injection via GraphQL

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL moduleOperations mutation with backtick-wrapped commands in the module field to execute arbitrary commands on the underlying host as the web server user.

Action-Not Available
Vendor-FreePBX
Product-apiapi
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-35506
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.31% / 67.12%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 12:01
Updated-13 May, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-WRC-BE65QSD-BWRC-BE72XSD-BAWRC-W702-BWRC-BE72XSD-B
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-53981
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.80% / 51.99%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-07 Apr, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection

PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a crafted video upload process.

Action-Not Available
Vendor-thibaud-rohmerthibaud-rohmer
Product-photoshowPhotoShow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-31386
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.51% / 71.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 05:21
Updated-08 Jun, 2026 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Action-Not Available
Vendor-litespeedtechLiteSpeed Technologies
Product-litespeed_web_serveropenlitespeedOpenLiteSpeedLSWS Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-28287
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-8.49% / 94.37%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 18:25
Updated-09 Mar, 2026 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.

Action-Not Available
Vendor-FreePBXSangoma Technologies Corp.
Product-freepbxsecurity-reporting
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-23699
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.54% / 71.89%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 01:41
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-AP180(JA) V2.xxAP180-PE V1.xxAP180(JP) V1.xxAP180-AC V2.xxAP180-AC V1.xxAP180-AC V3.xxAP180(JA) V1.xxAP180-PE V3.xxAP180-PE V2.xx
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-22550
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.66% / 73.87%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 06:56
Updated-12 May, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wrc-x1500gs-bwrc-x1500gsa-b_firmwarewrc-x1500gsa-bwrc-x1500gs-b_firmwareWRC-XE5400GSA-GWRC-X3000GS2-BWRC-X3000GS2A-BWRC-X1800GS-BWRC-X3000GST2-BWRC-X6000XST-GWRC-X1500GS-BWRC-X6000XS-GWRC-X1800GSH-BWRC-X6000QS-GWRC-XE5400GS-GWRC-X3000GS2-WWRC-X6000QSA-GWRC-X1500GSA-BWRC-X1800GSA-B
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-21719
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.20% / 64.52%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 04:33
Updated-20 Apr, 2026 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.

Action-Not Available
Vendor-cubecartCubeCart Limited
Product-cubecartCubeCart
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-11845
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.6||HIGH
EPSS-0.95% / 56.98%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 09:27
Updated-12 Jun, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - OS Command Injection

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device.

Action-Not Available
Vendor-IEI Integration Corp
Product-iVEC TANK-XM811
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-15101
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
CVSS Score-8.6||HIGH
EPSS-0.90% / 55.27%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 02:01
Updated-13 May, 2026 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-asus_firmwareRouter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-0676
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-8.6||HIGH
EPSS-0.99% / 58.27%
||
7 Day CHG+0.02%
Published-02 Apr, 2025 | 06:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commend Injection Leading to Privilege Escalation

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

Action-Not Available
Vendor-Moxa Inc.
Product-EDR-G9010 SeriesOnCell G4302-LTE4 SeriesEDR-8010 SeriesEDR-810 SeriesTN-4900 SeriesEDR-G9004 SeriesEDF-G1002-BP SeriesNAT-102 Series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-0528
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-5.81% / 92.24%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 14:31
Updated-28 May, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8/AC10/AC18 HTTP Request telnet command injection

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10_firmwareac18_firmwareac18ac10ac8_firmwareac8AC8AC18AC10
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9139
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-8.6||HIGH
EPSS-1.39% / 68.90%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 08:20
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in Restricted Command

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Action-Not Available
Vendor-Moxa Inc.
Product-EDR-810 SeriesEDR-G9010 SeriesEDR-G9004 SeriesTN-4900 SeriesNAT-102 SeriesEDF-G1002-BP SeriesEDR-8010 SeriesOnCell G4302-LTE4 Seriesoncell_g4302-lte4_firmwaretn-4900_firmwareedr-g9004_firmwareedr-8010_firmwarenat-102_firmwareedr-g9010_firmwareedr-810_firmwareedf-g1002-bp_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-58338
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.72% / 49.34%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-05 Mar, 2026 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.

Action-Not Available
Vendor-atemeAteme
Product-flamingo_xlflamingo_xl_firmwareFlamingo XL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-9573
Matching Score-4
Assigner-f4fb688c-4412-4426-b4b8-421ecf27b14a
ShareView Details
Matching Score-4
Assigner-f4fb688c-4412-4426-b4b8-421ecf27b14a
CVSS Score-8.6||HIGH
EPSS-1.11% / 62.07%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 08:42
Updated-02 Sep, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection in extension "TYPO3 Backup Plus" (ns_backup)

The ns_backup extension through 13.0.2 for TYPO3 allows command injection.

Action-Not Available
Vendor-TYPO3 Association
Product-Extension "TYPO3 Backup Plus"
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-9377
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-8.6||HIGH
EPSS-11.75% / 95.56%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 17:30
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-09-24||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Authenticated RCE via Parental Control command injection

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-tl-wr841n_firmwaretl-wr841narcher_c7_firmwaretl-wr841nd_firmwarearcher_c7tl-wr841ndTL-WR841N/ND(MS) V9Archer C7(EU) V2Multiple Routers
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25857
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-2.82% / 84.85%
||
7 Day CHG~0.00%
Published-07 Feb, 2026 | 21:41
Updated-11 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda G300-F Command Injection via formSetWanDiag

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without adequate neutralization. As a result, a remote attacker with access to the affected management interface can inject additional shell syntax and execute arbitrary commands on the device with the privileges of the management process.

Action-Not Available
Vendor-Shenzhen Tenda TechnologyTenda Technology Co., Ltd.
Product-g300-f_firmwareg300-fTenda G300-F
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-52010
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-1.44% / 70.02%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:06
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In HandleCreateProxySession the request to create an SSH session is handled. An attacker can exploit the username variable to escape from the bash command and inject arbitrary commands into sshCommand. This is possible, because, unlike hostname and port, the username is not validated or sanitized.

Action-Not Available
Vendor-tobychui
Product-zoraxy
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25041
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 37.97%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 19:53
Updated-13 Mar, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Budibase has a Command Injection in PostgreSQL Dump Command

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly interpolated into a shell command. This affects packages/server/src/integrations/postgres.ts.

Action-Not Available
Vendor-budibaseBudibase
Product-budibasebudibase
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-68459
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.26% / 66.06%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 05:51
Updated-18 Dec, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-AP180(JA) V2.xxAP180(JP) V1.xxAP180-AC V3.xxAP180(JA) V1.xxAP180-PE V3.xxAP180-AC V2.xxAP180-AC V1.xxAP180-PE V2.xxAP180-PE V1.xx
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-66279
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.05% / 60.11%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 03:05
Updated-15 Jun, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64444
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.15% / 62.99%
||
7 Day CHG+0.02%
Published-14 Nov, 2025 | 05:15
Updated-14 Nov, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges.

Action-Not Available
Vendor-Sony Network Communications Inc.
Product-NCP-HG100/WLAN modelNCP-HG100/Cellular model
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64328
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-84.42% / 99.67%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 03:32
Updated-24 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-24||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
FreePBX Administration GUI is Vulnerable to Authenticated Command Injection

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

Action-Not Available
Vendor-SangomaFreePBXSangoma Technologies Corp.
Product-firestorefilestoreFreePBX
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-65074
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-8.6||HIGH
EPSS-0.42% / 33.79%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 12:25
Updated-22 Dec, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection via Path Traversal in WaveStore Server

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version 6.44.44

Action-Not Available
Vendor-wavestoreWaveStore
Product-video_management_software_serverWaveStore Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-22893
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.99% / 58.22%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 03:06
Updated-15 Jun, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6541
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-8.6||HIGH
EPSS-0.64% / 46.25%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 00:21
Updated-24 Oct, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7212pcer7412-m2_firmwarefr205_firmwarefr365_firmwareer8411_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-23759
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-1.51% / 71.35%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 15:20
Updated-14 May, 2026 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.

Action-Not Available
Vendor-Perle Systems
Product-IOLAN STSIOLAN SCS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-23882
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.36% / 28.24%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 20:52
Updated-24 Mar, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blinko: Admin RCE - MCP Server Command Injection

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.

Action-Not Available
Vendor-blinkoblinkospace
Product-blinkoblinko
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-47747
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.61% / 44.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:39
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
meterN 1.2.3 Authenticated Remote Code Execution via Admin Scripts

meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.

Action-Not Available
Vendor-Metern
Product-meterN
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-47903
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-1.45% / 70.17%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:47
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.

Action-Not Available
Vendor-LiteSpeed Technologies Inc
Product-LiteSpeed Web Server Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-47745
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-1.19% / 64.15%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:39
Updated-05 Mar, 2026 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection via Firmware Upgrade

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Cypress
Product-200
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10061
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-4.39% / 90.14%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 20:45
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear Routers setup.cgi RCE

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-dgn1000bdgn1000b_firmwareDGN1000B
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10058
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-3.02% / 85.85%
||
7 Day CHG-0.08%
Published-01 Aug, 2025 | 20:44
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys Routers apply.cgi Remote Command Injection

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-WRT160nv2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10059
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-19.11% / 96.98%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 20:38
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link Routers tools_vct.htm OS Command Injection

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-615hdir-615h_firmwareDIR-615H1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-50909
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-2.10% / 79.45%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request.

Action-Not Available
Vendor-Algo Solutions
Product-Algo 8028
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-58116
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.15% / 63.01%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 03:08
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker.

Action-Not Available
Vendor-I-O DATA DEVICE, INC.
Product-WN-7D36QR/UEWN-7D36QR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-54763
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.28% / 66.51%
||
7 Day CHG+0.11%
Published-31 Oct, 2025 | 05:55
Updated-04 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.

Action-Not Available
Vendor-Century Systems Co., Ltd.
Product-FutureNet MA-P seriesFutureNet MA-S seriesFutureNet IP-K seriesFutureNet MA-E300 seriesFutureNet MA-X series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-5459
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-8.6||HIGH
EPSS-0.43% / 34.19%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 06:30
Updated-14 Oct, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.

Action-Not Available
Vendor-Perforce Software, Inc. ("Puppet")Perforce Software, Inc.
Product-puppet_enterprisePuppet Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-10028
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.49%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 20:04
Updated-15 May, 2026 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netwin SurgeFTP <= v23c8 Authenticated RCE

Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.

Action-Not Available
Vendor-Netwin
Product-SurgeFTP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-53472
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-1.05% / 60.18%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 09:30
Updated-22 Jul, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-WRC-W701-BWRC-BE36QS-B
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41265
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-8.6||HIGH
EPSS-0.88% / 54.76%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 10:41
Updated-01 Jun, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.

Action-Not Available
Vendor-waterfall-securityWaterfall
Product-wf-500_firmwarewf-500WF-500
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-41279
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-8.6||HIGH
EPSS-0.88% / 54.76%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 10:59
Updated-01 Jun, 2026 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host.

Action-Not Available
Vendor-waterfall-securityWaterfall
Product-wf-500_firmwarewf-500WF-500
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found