Export limit exceeded: 20918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13712 | 2026-04-15 | 7.8 High | ||
| A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected. | ||||
| CVE-2025-8696 | 1 Isc | 1 Stork | 2026-04-15 | 7.5 High |
| If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0. | ||||
| CVE-2025-15388 | 1 Qno Technology | 1 Vpn Firewall | 2026-04-15 | 8.8 High |
| VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||||
| CVE-2022-20655 | 1 Cisco | 8 Carrier Packet Transport, Catalyst Sd-wan Manager, Enterprise Nfv Infrastructure Software and 5 more | 2026-04-15 | 8.8 High |
| A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root. | ||||
| CVE-2025-23049 | 2026-04-15 | N/A | ||
| Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled. | ||||
| CVE-2024-5672 | 2026-04-15 | 7.2 High | ||
| A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. | ||||
| CVE-2024-39927 | 2026-04-15 | 8.2 High | ||
| Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed. | ||||
| CVE-2024-7728 | 1 Cayintech | 3 Cms-se, Cms-se\(18.04\), Cms-se\(22.04\) | 2026-04-15 | 7.2 High |
| The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server. | ||||
| CVE-2025-10619 | 1 Sequa-ai | 1 Sequa-mcp | 2026-04-15 | 6.3 Medium |
| A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 1.0.14 is able to mitigate this issue. The patch is named e569815854166db5f71c2e722408f8957fb9e804. It is recommended to upgrade the affected component. The vendor explains: "We only promote that mcp server with our own URLs that have a valid response, but yes if someone would use it with a non sequa url, this is a valid attack vector. We have released a new version (1.0.14) that fixes this and validates that only URLs can be opened." | ||||
| CVE-2023-47282 | 2026-04-15 | 3.9 Low | ||
| Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-37129 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 6.7 Medium |
| A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enabled without proper security measures. | ||||
| CVE-2023-1082 | 2026-04-15 | 8.8 High | ||
| An remote attacker with low privileges can perform a command injection which can lead to root access. | ||||
| CVE-2024-47919 | 2026-04-15 | 9.8 Critical | ||
| Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||
| CVE-2025-3873 | 2026-04-15 | N/A | ||
| The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application. sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha | ||||
| CVE-2012-10039 | 1 Zevenet | 1 Zen Load Balancer | 2026-04-15 | N/A |
| ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor. | ||||
| CVE-2023-44976 | 2026-04-15 | 3.2 Low | ||
| Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023. | ||||
| CVE-2025-52994 | 1 Phpthumb Project | 1 Phpthumb | 2026-04-15 | 4.9 Medium |
| gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709. | ||||
| CVE-2025-48501 | 2026-04-15 | N/A | ||
| An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running. | ||||
| CVE-2024-36274 | 2026-04-15 | 6.5 Medium | ||
| Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before versions 29.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-0234 | 2026-04-15 | 5.3 Medium | ||
| Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver. | ||||