Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32833

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-26 Jun, 2026 | 19:54
Updated At-29 Jun, 2026 | 13:21
Rejected At-
Credits

Cudy LT300 3.0 OS Command Injection via NTP Configuration

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:26 Jun, 2026 | 19:54
Updated At:29 Jun, 2026 | 13:21
Rejected At:
▼CVE Numbering Authority (CNA)
Cudy LT300 3.0 OS Command Injection via NTP Configuration

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.

Affected Products
Vendor
Shenzhen Cudy Technology Co., Ltd.
Product
LT300 3.0
Default Status
affected
Versions
Affected
  • From 0 before 2.5.12 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Dan Owen
coordinator
VulnCheck
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cudy.com/en-us/pages/download-center/lt300-3-0
release-notes
patch
https://www.vulncheck.com/advisories/cudy-lt300-os-command-injection-via-ntp-configuration
third-party-advisory
Hyperlink: https://www.cudy.com/en-us/pages/download-center/lt300-3-0
Resource:
release-notes
patch
Hyperlink: https://www.vulncheck.com/advisories/cudy-lt300-os-command-injection-via-ntp-configuration
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:26 Jun, 2026 | 20:16
Updated At:29 Jun, 2026 | 14:16

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-78Secondarydisclosure@vulncheck.com
CWE ID: CWE-78
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.cudy.com/en-us/pages/download-center/lt300-3-0disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/cudy-lt300-os-command-injection-via-ntp-configurationdisclosure@vulncheck.com
N/A
Hyperlink: https://www.cudy.com/en-us/pages/download-center/lt300-3-0
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/cudy-lt300-os-command-injection-via-ntp-configuration
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1114Records found

CVE-2024-51503
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-8||HIGH
EPSS-4.03% / 89.36%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:00
Updated-04 Sep, 2025 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-deep_security_agentTrend Micro Deep Security
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-50853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.64% / 73.53%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 00:00
Updated-21 Nov, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-g3g3_firmwaren/ag3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-51450
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.01% / 58.81%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:15
Updated-08 Aug, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Directory Command Execution

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_directorySecurity Verify Directory
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-11409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-87.48% / 99.73%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 18:02
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-1082
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.98% / 57.94%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 08:25
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Welotec: Command injection vulnerability in TK500v1 router series

An remote attacker with low privileges can perform a command injection which can lead to root access.

Action-Not Available
Vendor-Welotecwelotec
Product-TK525U SetTK525LTK525L SetTK515L-W SetTK525WTK515L-WTK515L SetTK535L1 SetTK525L-WTK525L-W SetTK515LTK535L1TK525W SetTK525Utk535l1_set
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-5440
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-8.05% / 94.09%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 10:00
Updated-02 Jul, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection

A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-re9000_firmwarere6250re7000re6300re6300_firmwarere7000_firmwarere6500_firmwarere9000re6350re6350_firmwarere6250_firmwarere6500RE7000RE6350RE9000RE6500RE6300RE6250
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-54406
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-4.23% / 89.81%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 13:55
Updated-03 Nov, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `counts` request parameter.

Action-Not Available
Vendor-planetPlanet
Product-wgr-500wgr-500_firmwareWGR-500
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-10392
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-25.78% / 97.71%
||
7 Day CHG+0.19%
Published-12 Sep, 2019 | 13:55
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

Action-Not Available
Vendor-Jenkins
Product-git_clientJenkins Git Client Plugin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-53949
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-15.54% / 96.42%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:19
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortiSandbox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-54403
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.64% / 88.17%
||
7 Day CHG-0.05%
Published-07 Oct, 2025 | 13:55
Updated-03 Nov, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is related to the `new_password` request parameter.

Action-Not Available
Vendor-planetPlanet
Product-wgr-500wgr-500_firmwareWGR-500
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-0861
Matching Score-4
Assigner-ONEKEY GmbH
ShareView Details
Matching Score-4
Assigner-ONEKEY GmbH
CVSS Score-7.2||HIGH
EPSS-28.66% / 97.90%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 08:58
Updated-18 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection in NetModule NSRW

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Action-Not Available
Vendor-netmoduleNetModule
Product-nb1810nb2800nb3800nb1601ng800nb800nb1800netmodule_router_softwarenb3701nb2810NSRW
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-51244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.78% / 51.38%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 00:00
Updated-05 Nov, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.

Action-Not Available
Vendor-n/aDrayTek Corp.
Product-vigor3900_firmwarevigor3900n/avigor3900_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-0164
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-8.8||HIGH
EPSS-1.38% / 68.82%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function.

Action-Not Available
Vendor-orangescrumn/a
Product-orangescrumOrangeScrum
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28254
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-45.73% / 98.65%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 19:55
Updated-04 Sep, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎AlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/<expression>` endpoint passes user-controlled data `AlertUtil::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-open-metadataopen-metadataopenmetadata
Product-openmetadataOpenMetadataopenmetadata
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-0830
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-20.86% / 97.25%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 16:13
Updated-01 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EasyNAS backup.pl system os command injection

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-easynasn/a
Product-easynasEasyNAS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-54405
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-4.23% / 89.81%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 13:55
Updated-03 Nov, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `ipaddr` request parameter.

Action-Not Available
Vendor-planetPlanet
Product-wgr-500wgr-500_firmwareWGR-500
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-8664
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-6||MEDIUM
EPSS-0.83% / 53.20%
||
7 Day CHG+0.10%
Published-25 Jun, 2026 | 01:28
Updated-29 Jun, 2026 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in Rapid7 InsightConnect Finger Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

Action-Not Available
Vendor-Rapid7 LLC
Product-insightconnect_fingerInsightConnect Finger Plugin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-48595
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:19
Updated-10 Oct, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48600
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:28
Updated-09 Oct, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48587
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 17:46
Updated-10 Oct, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48580
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-1.31% / 67.17%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 17:02
Updated-10 Oct, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-48598
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:25
Updated-10 Oct, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48588
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.17%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 17:47
Updated-10 Oct, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48601
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:32
Updated-09 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48594
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:18
Updated-10 Oct, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48584
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-1.32% / 67.42%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 17:29
Updated-10 Oct, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-48591
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:04
Updated-10 Oct, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48581
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-1.34% / 67.96%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 17:08
Updated-10 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-48604
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:35
Updated-10 Oct, 2024 | 12:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-48596
Matching Score-4
Assigner-Securifera, Inc.
ShareView Details
Matching Score-4
Assigner-Securifera, Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 18:21
Updated-10 Oct, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Action-Not Available
Vendor-ScienceLogic, Inc.
Product-sl1SL 1
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-47555
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.3||CRITICAL
EPSS-0.98% / 58.06%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 12:47
Updated-03 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements in Ormazabal products

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.

Action-Not Available
Vendor-ormazabalOrmazabalormazabal
Product-ekorccp_firmwareekorrciekorrci_firmwareekorccpekorRCIekorCCPekorrciekorccp
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-46552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-10.50% / 95.21%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-846_firmwaredir-846n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.24% / 65.54%
||
7 Day CHG~0.00%
Published-01 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

Action-Not Available
Vendor-xiongmaitechn/a
Product-nbd7024t-pnbd8916f8-qnbd7808r-pl\(ep\)_firmwarenbd8025r-ul_firmwarenbd8016r-ulnbd8016ra-k\(ep\)_firmwarenbd8016t-q-v2nbd8908t-plc-xpoenbd7024h-p_firmwarenbd8032h4-qenbd80s10s-klnbd7904t-q_firmwarenbd8004r-yl\(ep\)nbd8016ra-ula_firmwarenbd8008ra-gl_firmwarenbd8004r-pl\(ep\)nbd8904t-qnbd8904t-q_firmwarenbd8016ra-ulnbd8016s-kl-v2_firmwarenbd8010s-kl-v2nbd7016t-f-v2_firmwarenbd7804r-f\(hdmi\)_firmwarenbd7804r-fwnbd8904t-gsc-xpoenbd8016s-kl-v2nbd8032ra-ul-v2_firmwarenbd8032h4-ulnbd7804r-f\(hdmi\)nbd8008ra-glk_firmwarenbd7808r-pl\(ep\)nbd7008t-pnbd8008r-pl\(ep\)_firmwarenbd80n16ra-kl\(ep\)_firmwarenbd8064h8-p_firmwarenbd7008t-p_firmwarenbd7804t-pl_firmwarenbd8025r-ulnbd8016ra-ulk_firmwarenbd80s10s-kl_firmwarenbd7804r-f\(ep\)nbd8016ra-ul_firmwarenbd8008ra-glmbd6304tmbd6304t_firmwarenbd8008r-pl\(ep\)nbd8016ra-ul\(ep\)nbd8032h4-qnbd8032h4-pnbd8010s-kl-v2_firmwarenbd8008ra-ulknbd8016t-q-v2_firmwarenbd8008ra-ul\(ep\)_firmwarenbd7004t-pnbd80n16ra-kl\(ep\)nbd8032h4-p_firmwarenbd8004r-yl\(ep\)_firmwarenbd7004t-p_firmwarenbd8008r-yl\(ep\)nbd8032h4-ul_firmwarenbd8016ra-ulanbd8032h4-q_firmwarenbd7804r-f\(ep\)_firmwarenbd8004t-q_firmwarenbd88x09s-klnbd8008t-qnbd8032h8-pnbd80s16s-klnbd8008ra-ulanbd8908r-ylnbd80n16ra-kl_firmwarenbd8008ra-ulk_firmwarenbd80s08s-kl\(ep\)_firmwarenbd7808r-pl\(hdmi\)nbd7808t-pl_firmwarenbd7808r-pl\(hdmi\)_firmwarenbd80s16s-kl\(ep\)_firmwarenbd8032h8-qenbd7024h-pnbd7908t-qnbd80x09s-kl_firmwarenbd8916f4-qnbd8916f8-q_firmwarenbd7904r-fs_firmwarenbd8016s-ula-v2nbd8009s-ula-v2_firmwarenbd8008r-plnbd7904t-pl-xpoenbd6808t-plnbd8908t-pl-xpoenbd8908r-yl_firmwarenbd7016t-f-v2nbd7804t-plnbd8016ra-ulknbd80x09s-klnbd8908t-pl-xpoe_firmwarenbd7904t-plc-xpoenbd7904r-fsnbd88x09s-kl_firmwarenbd80n16ra-klnbd7808t-plnbd8064h8-pnbd7904t-p_firmwarenbd8904r-plnbd8008ra-ul\(ep\)nbd8904r-ylnbd7024t-p_firmwarenbd8008ra-ula_firmwarenbd8016r-ul_firmwarenbd7904t-plc-xpoe_firmwarenbd8008r-pl_firmwarenbd8032h8-qe_firmwarenbd8916f4-q_firmwarenbd8032ra-ul-v2nbd8032h4-qe_firmwarenbd8009s-ula-v2nbd8004t-qnbd8904r-pl_firmwarenbd7904t-pl_firmwarenbd80s08s-kl\(ep\)nbd8016ra-ul\(ep\)_firmwarenbd8016s-ula-v2_firmwarenbd80s16s-kl_firmwarenbd7904t-plnbd8016ra-k\(ep\)nbd8008t-q_firmwarenbd8904r-yl_firmwarenbd8008r-yl\(ep\)_firmwarenbd8008ra-glknbd8908r-plnbd8032h8-p_firmwarenbd8904t-gsc-xpoe_firmwarenbd6808t-pl_firmwarenbd7804r-fw_firmwarenbd80x09ra-kl_firmwarenbd7904t-pl-xpoe_firmwarenbd7904t-pnbd8908t-plc-xpoe_firmwarenbd80x09ra-klnbd8908r-pl_firmwarenbd80s16s-kl\(ep\)nbd7908t-q_firmwarenbd8004r-pl\(ep\)_firmwarenbd7904t-qn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-2024
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-4.52% / 90.38%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 19:57
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

Action-Not Available
Vendor-call-ccchickenDebian GNU/Linux
Product-chickendebian_linuxchicken
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.10% / 79.46%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-21.99% / 97.36%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.

Action-Not Available
Vendor-baijiacms_projectn/a
Product-baijiacmsn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.51%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

Action-Not Available
Vendor-opengroupn/aLinux Kernel Organization, IncVeritas Technologies LLC
Product-unixnetbackuplinux_kerneln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9207
Matching Score-4
Assigner-3938794e-25f5-4123-a1ba-5cbd7f104512
ShareView Details
Matching Score-4
Assigner-3938794e-25f5-4123-a1ba-5cbd7f104512
CVSS Score-8.8||HIGH
EPSS-0.39% / 31.11%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 01:19
Updated-27 May, 2026 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tanium addressed an unauthorized code execution vulnerability in Connect.

Tanium addressed an unauthorized code execution vulnerability in Connect.

Action-Not Available
Vendor-Tanium
Product-Connect
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43536
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.41% / 69.40%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 20:03
Updated-10 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-13782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-27.06% / 97.80%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-865l_firmwaredir-865ln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-64.35% / 99.14%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required

Action-Not Available
Vendor-nexxtsolutionsn/a
Product-amp300_firmwareamp300n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43907
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-1.02% / 59.12%
||
7 Day CHG~0.00%
Published-27 Aug, 2023 | 22:38
Updated-01 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium command execution

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-13851
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-91.09% / 99.80%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 02:15
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artica Pandora FMS 7.44 allows remote command execution via the events feature.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44606
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.47% / 70.59%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Action-Not Available
Vendor-unimoUNIMO Technology Co., Ltd
Product-udr-ja1616udr-ja1604udr-ja1608_firmwareudr-ja1604_firmwareudr-ja1616_firmwareudr-ja1608UDR-JA1604/UDR-JA1608/UDR-JA1616
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43390
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.08% / 61.18%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex5601-t1_firmwaredx3301-t0vmg4005-b50aex5512-t0_firmwarepm5100-t0_firmwarevmg3927-t50kpm7320-b0vmg8825-t50kdx5401-b0ex5601-t1ax7501-b0ex3510-b0nebula_nr5101vmg8623-t50bemg3525-t50bnr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50kdx3301-t0_firmwarepmg5622gaex5510-b0_firmwarenebula_nr7101_firmwarepmg5317-t20b_firmwarepmg5617-t20b2lte7490-m904_firmwarepmg5622ga_firmwareex5401-b0_firmwarewx3401-b0_firmwareex5512-t0ex5600-t1dx4510-b1pm3100-t0_firmwarewx3100-t0_firmwareemg5523-t50bvmg8623-t50b_firmwarewx3100-t0vmg4005-b60apmg5317-t20bex5501-b0dx4510-b1_firmwarepm7320-b0_firmwareex5510-b0pmg5617-t20b2_firmwarevmg4005-b60a_firmwarenr7102ex5601-t0_firmwarevmg4005-b50a_firmwareex5501-b0_firmwaredx5401-b0_firmwareex3301-t0ex5401-b0nebula_nr7101nr5101_firmwarepmg5617gaex3510-b0_firmwarewx3401-b0pm5100-t0nr7101ax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwarepm3100-t0nr7101_firmwarelte7490-m904ex5601-t0ex5600-t1_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarewx5600-t0emg5523-t50b_firmwarenr5101pm7300-t0ex3301-t0_firmwarepmg5617ga_firmwarelte7480-m804emg3525-t50b_firmwarewx5600-t0_firmwareNR7101 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10053
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.08% / 61.02%
||
7 Day CHG+0.05%
Published-01 Aug, 2025 | 20:49
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges.

Action-Not Available
Vendor-ZPanel Project
Product-ZPanel
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-42289
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.2||HIGH
EPSS-1.01% / 59.05%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 02:09
Updated-07 Apr, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10039
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-3.27% / 86.89%
||
7 Day CHG-0.08%
Published-31 Jul, 2025 | 14:55
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GestioIP 3.0 ip_checkhost.cgi RCE

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.

Action-Not Available
Vendor-GestioIP
Product-IPAM
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-10073
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-3.51% / 87.78%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 21:32
Updated-17 Nov, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiXI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-53376
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.12% / 62.08%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 15:55
Updated-29 Sep, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7.

Action-Not Available
Vendor-dokployDokploy
Product-dokploydokploy
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 22
  • 23
  • Next
Details not found