Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successf
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vuln
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cm
A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2  and Archer AXE75 v1.0. Successful exploitation could allow a
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected s
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing auth
CVE-2025-20358
CRITICAL CVSS 9.8
Find Similar
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissio
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authentic
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending cr
CVE-2014-125118
CRITICAL CVSS 9.4
Find Similar
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php,
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component En
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands thr
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router confi
Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands.
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability all