Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-6349
CRITICAL CVSS 9.3
Find Similar
The  iSherlock developed by HGiga  has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-11900
CRITICAL CVSS 9.3
Find Similar
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-7451
CRITICAL CVSS 9.3
Find Similar
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability
CVE-2025-3363
CRITICAL CVSS 9.8
Find Similar
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-3362
CRITICAL CVSS 9.8
Find Similar
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-3361
CRITICAL CVSS 9.8
Find Similar
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-34037
CRITICAL CVSS 10.0
Find Similar
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly proce
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific S
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via
CVE-2024-29292
CRITICAL CVSS 9.1
Find Similar
Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters.
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating sy
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbi
A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of th
CVE-2025-2071
CRITICAL CVSS 10.0
Find Similar
A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted inp
CVE-2025-6559
CRITICAL CVSS 9.3
Find Similar
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The af
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Page 1+ Next →