Search Results (21101 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-47105 1 Chaosblade 1 Chaosblade 2026-04-15 8.6 High
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
CVE-2024-42029 1 Xdg 1 Desktop Portal Hyperland 2026-04-15 6.3 Medium
xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment.
CVE-2025-43978 2026-04-15 7.4 High
Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.
CVE-2024-40895 2026-04-15 6.4 Medium
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.
CVE-2025-1229 1 Olajowon 1 Loggrove 2026-04-15 6.3 Medium
A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVE-2025-41413 2026-04-15 7.8 High
Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
CVE-2025-1036 1 Hitachienergy 1 Tropos 2026-04-15 N/A
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.
CVE-2024-5421 2026-04-15 N/A
Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.
CVE-2025-7145 1 Teamt5 1 Threatsonar Anti-ransomware 2026-04-15 7.2 High
ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host.
CVE-2024-42502 1 Arubanetworks 1 Arubaos 2026-04-15 7.2 High
Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.
CVE-2025-27234 1 Zabbix 4 Zabbix, Zabbix-agent, Zabbix-agent2 and 1 more 2026-04-15 N/A
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.
CVE-2024-36324 1 Amd 25 Amd Ryzen™ Ai 300 Series Processors, Radeon Pro V520, Radeon Pro V620 and 22 more 2026-04-15 8.8 High
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.
CVE-2024-11983 1 Billion Electric 4 M100, M120n, M150 and 1 more 2026-04-15 7.2 High
Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.
CVE-2025-8696 1 Isc 1 Stork 2026-04-15 7.5 High
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.
CVE-2024-8934 1 Beckhoff 1 Twincat Packet Manager 2026-04-15 6.5 Medium
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed.
CVE-2025-20016 2026-04-15 7.2 High
OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. A user with an administrative privilege who logged in to the web management page of the affected product may execute an arbitrary OS command.
CVE-2025-10440 2 D-link, Dlink 6 Di-8003g, Di-8100, Di-8100g and 3 more 2026-04-15 6.3 Medium
A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-20014 1 Myscada 1 Mypro Manager 2026-04-15 9.8 Critical
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
CVE-2024-58286 1 Vexorian 1 Dizquetv 2026-04-15 N/A
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.
CVE-2025-24306 2026-04-15 N/A
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege.