Total
3267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48015 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 6.7 Medium |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2024-48017 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 6.5 Medium |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-22473 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-22472 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges. | ||||
| CVE-2025-23239 | 1 F5 | 12 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 9 more | 2026-02-26 | 8.7 High |
| When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-31644 | 1 F5 | 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more | 2026-02-26 | 8.7 High |
| When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-32702 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2026-02-26 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-43012 | 1 Jetbrains | 1 Toolbox | 2026-02-26 | 8.3 High |
| In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | ||||
| CVE-2025-4008 | 1 Smartbedded | 2 Meteobridge Firmware, Meteobridge Vm | 2026-02-26 | 8.8 High |
| The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. | ||||
| CVE-2025-20258 | 1 Cisco | 1 Duo | 2026-02-26 | 5.4 Medium |
| A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users. | ||||
| CVE-2025-5264 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Rhel Aus and 4 more | 2026-02-26 | 4.8 Medium |
| Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | ||||
| CVE-2025-5265 | 1 Mozilla | 1 Firefox | 2026-02-26 | 4.8 Medium |
| Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | ||||
| CVE-2025-4089 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 5.1 Medium |
| Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-37089 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37091 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 7.2 High |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37092 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37096 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-20278 | 1 Cisco | 8 Finesse, Socialminer, Unified Communications Manager and 5 more | 2026-02-26 | 6 Medium |
| A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. | ||||
| CVE-2025-22481 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-26 | 8.8 High |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | ||||
| CVE-2025-4231 | 2 Palo Alto Networks, Paloaltonetworks | 2 Pan-os, Pan-os | 2026-02-26 | 7.2 High |
| A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||