Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com
A security flaw has been discovered in Edimax BR-6675nD 1.12. This affects the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's s
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com
A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulati
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An auth
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com
CVE-2024-52959
CRITICAL CVSS 9.3
Find Similar
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perfor
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the m
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com
Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulati
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
CVE-2025-64127
CRITICAL CVSS 10.0
Find Similar
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To explo
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.
A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument inter
MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4