Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
CVE-2025-50428
CRITICAL CVSS 9.8
Find Similar
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the int
CVE-2024-36622
CRITICAL CVSS 9.8
Find Similar
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile p
CVE-2024-48860
CRITICAL CVSS 9.5
Find Similar
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the
MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary comman
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fi
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjace
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have alrea
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input i
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters t
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation o
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input int
CVE-2024-52034
CRITICAL CVSS 10.0
Find Similar
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulne
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input
CVE-2024-39761
CRITICAL CVSS 9.8
Find Similar
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code exec
CVE-2025-64126
CRITICAL CVSS 10.0
Find Similar
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering po
Page 1+ Next →