Total
5574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30302 | 2 Coderider, Coderider-kilo | 2 Coderider-kilo, Coderider | 2026-04-03 | 10 Critical |
| The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to analyze commands on the Windows platform, coupled with a failure to correctly handle Windows CMD-specific escape sequences (^). Attackers can exploit this discrepancy between the parsing logic and the execution environment by constructing payloads such as git log ^" & malicious_command ^". The CodeRider-Kilo parser is deceived by the escape characters, misinterpreting the malicious command connector (&) as being within a protected string argument and thus auto-approving the command. However, the underlying Windows CMD interpreter ignores the escaped quotes, parsing and executing the subsequent malicious command directly. This allows attackers to achieve arbitrary Remote Code Execution (RCE) after bypassing what appears to be a legitimate Git whitelist check. | ||||
| CVE-2026-30312 | 1 Necboy | 1 Dsaic-line | 2026-04-03 | 9.8 Critical |
| DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction. | ||||
| CVE-2026-30309 | 1 Tokfinity | 1 Infcode | 2026-04-03 | 7.8 High |
| InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (such as powershell), and the matching algorithm lacks dynamic semantic parsing unable to recognize string concatenation, variable assignment, or double-quote interpolation in Shell syntax. Malicious commands can bypass interception through simple syntax obfuscation. An attacker can construct a file containing malicious instructions for remote code injection. When a user imports and views such a file in the IDE, the Agent executes dangerous PowerShell commands outside the blacklist without user confirmation, resulting in arbitrary command execution or sensitive data leakage. | ||||
| CVE-2026-21861 | 2 Basercms, Baserproject | 2 Basercms, Basercms | 2026-04-03 | 9.1 Critical |
| baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is directly passed to exec() without sufficient validation or escaping. This issue has been patched in version 5.2.3. | ||||
| CVE-2026-30880 | 2 Basercms, Baserproject | 2 Basercms, Basercms | 2026-04-03 | 9.8 Critical |
| baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3. | ||||
| CVE-2026-30877 | 2 Basercms, Baserproject | 2 Basercms, Basercms | 2026-04-03 | 9.1 Critical |
| baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3. | ||||
| CVE-2026-3841 | 1 Tp-link | 2 Tl-mr6400, Tl-mr6400 Firmware | 2026-04-02 | 8.8 High |
| A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability. | ||||
| CVE-2026-32917 | 1 Openclaw | 1 Openclaw | 2026-04-02 | 9.8 Critical |
| OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled. | ||||
| CVE-2025-15518 | 1 Tp-link | 19 Archer Nx200, Archer Nx200 Firmware, Archer Nx200 V1.0 and 16 more | 2026-04-02 | 7.2 High |
| Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device. | ||||
| CVE-2025-15519 | 1 Tp-link | 19 Archer Nx200, Archer Nx200 Firmware, Archer Nx200 V1.0 and 16 more | 2026-04-02 | 7.2 High |
| Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device. | ||||
| CVE-2026-27650 | 1 Buffalo | 93 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 90 more | 2026-04-02 | 9.8 Critical |
| OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | ||||
| CVE-2026-33874 | 2 Apple, Gematik | 3 Macos, App-authenticator, Authenticator | 2026-04-02 | 7.8 High |
| Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds. | ||||
| CVE-2025-15379 | 1 Mlflow | 1 Mlflow | 2026-04-02 | 10.0 Critical |
| A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2. | ||||
| CVE-2026-33030 | 2 0xjacky, Nginxui | 2 Nginx-ui, Nginx Ui | 2026-04-02 | 8.8 High |
| Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a user_id field, and all resource endpoints perform queries by ID without verifying user ownership, enabling complete authorization bypass in multi-user environments. At time of publication, there are no publicly available patches. | ||||
| CVE-2024-51661 | 1 Davidlingren | 1 Media Library Assistant | 2026-04-01 | 7.2 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.19. | ||||
| CVE-2024-49281 | 1 Ninjateam | 1 Click To Chat | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through <= 2.3.3. | ||||
| CVE-2026-5125 | 1 Raine | 1 Consult-llm-mcp | 2026-04-01 | 5.3 Medium |
| A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument git_diff.base_ref/git_diff.files results in os command injection. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 2.5.4 addresses this issue. The patch is identified as 4abf297b34e5e8a9cb364b35f52c5f0ca1d599d3. Upgrading the affected component is recommended. | ||||
| CVE-2025-14213 | 1 Cato Networks | 1 Socket | 2026-04-01 | N/A |
| Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system. | ||||
| CVE-2026-0596 | 1 Mlflow | 1 Mlflow | 2026-04-01 | N/A |
| A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users. | ||||
| CVE-2026-5007 | 1 Kazuph | 1 Mcp-docs-rag | 2026-04-01 | 5.3 Medium |
| A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||