Total: 3268 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46365 | 1 Dell | 1 Cloudlink | 2026-02-26 | 5.3 Medium |
| Dell CloudLink, versions prior to 8.1.1, contain a Command Injection vulnerability which can be exploited by an authenticated attacker to cause Command Injection on an affected Dell CloudLink. | ||||
| CVE-2025-9223 | 1 Zohocorp | 2 Applications Manager, Manageengine Applications Manager | 2026-02-26 | 8.8 High |
| Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to an authenticated command injection vulnerability due to improper configuration in the execute program action feature. | ||||
| CVE-2025-1910 | 1 Watchguard | 1 Mobile Vpn With Ssl Client | 2026-02-26 | N/A |
| The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed. This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2. | ||||
| CVE-2025-58132 | 2 Microsoft, Zoom | 6 Windows, Meeting Software Development Kit, Rooms and 3 more | 2026-02-26 | 4.1 Medium |
| Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access. | ||||
| CVE-2025-10020 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2026-02-26 | 8.5 High |
| Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection vulnerability in the Custom Script component. | ||||
| CVE-2025-62214 | 1 Microsoft | 2 Visual Studio, Visual Studio 2022 | 2026-02-26 | 6.7 Medium |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally. | ||||
| CVE-2025-62222 | 1 Microsoft | 3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension | 2026-02-26 | 8.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54964 | 1 Baesystems | 1 Socet Gxp | 2026-02-26 | 8.4 High |
| An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution. | ||||
| CVE-2025-46428 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 8.8 High |
| Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-46427 | 1 Dell | 1 Smartfabric Os10 | 2026-02-26 | 8.8 High |
| Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2025-1549 | 2 Microsoft, Watchguard | 3 Windows, Mobile Vpn With Ssl, Mobile Vpn With Ssl Client | 2026-02-26 | N/A |
| A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. This vulnerability is an additional unmitigated attack path for CVE-2024-4944. This vulnerability is resolved in the Mobile VPN with SSL client for Windows version 12.11.5. | ||||
| CVE-2025-64671 | 1 Microsoft | 2 Gihub Copilot Plugin For Jetbrains Ides, Github Copilot | 2026-02-26 | 8.4 High |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54100 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-02-26 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-37163 | 2 Arubanetworks, Hpe | 2 Airwave, Aruba Airwave | 2026-02-26 | 7.2 High |
| A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system. | ||||
| CVE-2026-3040 | 1 Draytek | 2 Vigor300b, Vigor300b Firmware | 2026-02-26 | 4.7 Medium |
| A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor confirms that "300B is EoL, and this is an authenticated vulnerability. We don't plan to fix it." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-21638 | 2 Ubiquiti, Ui | 12 Ubb, Ubb-xg, Udb-pro and 9 more | 2026-02-26 | 8.8 High |
| A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier); UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier); UBB (Version 3.1.5 and earlier). Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later. | ||||
| CVE-2025-59470 | 1 Veeam | 3 Backup, Veeam, Veeam Backup & Replication | 2026-02-26 | 9 Critical |
| This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | ||||
| CVE-2025-59468 | 1 Veeam | 3 Backup, Veeam, Veeam Backup & Replication | 2026-02-26 | 9 Critical |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | ||||
| CVE-2025-37176 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-02-26 | 6.5 Medium |
| A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism. | ||||
| CVE-2025-60021 | 1 Apache | 1 Brpc | 2026-02-26 | 9.8 Critical |
| Remote command injection vulnerability in the heap profiler built-in service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using the extra_options parameter. Affected scenarios: Use of the built-in bRPC heap profiler service to perform jemalloc memory profiling. How to Fix: two methods are provided; choose one of them: 1. Upgrade bRPC to version 1.15.0. 2. Apply this patch ( https://github.com/apache/brpc/pull/3101 ) manually. | ||||