Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must firs
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by i
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root
CVE-2026-10520
CRITICAL CVSS 10.0 KEV
Find Similar
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
CVE-2024-55030
CRITICAL CVSS 9.8
Find Similar
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands.
CVE-2025-34035
CRITICAL CVSS 10.0
Find Similar
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fi
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing
A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account.
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbi
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud up
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious ins
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitr
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers c
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticate
CVE-2025-34024
CRITICAL CVSS 9.4
Find Similar
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the
OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_
CVE-2025-62353
CRITICAL CVSS 9.8
Find Similar
A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulner
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access
Page 1+ Next →