Search Results (21030 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-36045 1 Sipeed 1 Picoclaw 2026-06-17 7.3 High
picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete.
CVE-2026-23699 1 Ruijie 3 Ap180, Ap180-ac, Ap180-pe 2026-06-17 N/A
AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.
CVE-2026-22550 1 Elecom 4 Wrc-x1500gs-b, Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b and 1 more 2026-06-17 8.8 High
OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
CVE-2026-36576 1 Openlabs 1 Docker-wkhtmltopdf-aas 2026-06-17 9.8 Critical
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2026-25108 2 Soliton, Soliton Systems K.k. 2 Filezen, Filezen 2026-06-17 8.8 High
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
CVE-2026-25836 1 Fortinet 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas 2026-06-17 6.7 Medium
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
CVE-2026-31386 2 Litespeed Technologies, Litespeedtech 4 Lsws Enterprise, Openlitespeed, Litespeed Web Server and 1 more 2026-06-17 N/A
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.
CVE-2026-26831 1 Dbashford 1 Textract 2026-06-17 9.8 Critical
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization
CVE-2026-41015 1 Radare 1 Radare2 2026-06-17 7.4 High
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.3.
CVE-2026-26943 1 Dell 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dp Series Appliance 2026-06-17 7.2 High
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-22761 1 Dell 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dp Series Appliance 2026-06-17 6.7 Medium
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-35506 1 Elecom 4 Wrc-be65qsd-b, Wrc-be72xsd-b, Wrc-be72xsd-ba and 1 more 2026-06-17 N/A
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.
CVE-2026-42062 1 Elecom 4 Wrc-be65qsd-b, Wrc-be72xsd-b, Wrc-be72xsd-ba and 1 more 2026-06-17 N/A
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.
CVE-2026-38065 2026-06-17 9.8 Critical
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.
CVE-2026-20759 1 Toa Corporation 1 Trifora 3 Series 2026-06-17 N/A
OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.
CVE-2026-24788 1 Raspap 1 Raspap-webgui 2026-06-17 N/A
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
CVE-2026-46173 1 Linux 1 Linux Kernel 2026-06-17 7.8 High
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying "WARNING: must be called with preemption disabled!". If an oopsing task is preempted in do_task_dead(), between becoming TASK_DEAD and entering the scheduler explicitly, bad things happen: finish_task_switch() assumes that once the scheduler has switched away from a TASK_DEAD task, the task can never run again and its stack is no longer needed; but that assumption apparently doesn't hold if the dead task was preempted (the SM_PREEMPT case). This means that the scheduler ends up repeatedly dropping references on the dead task's stack, which can lead to use-after-free or double-free of the entire task stack; in other words, two tasks can end up running on the same stack, resulting in various kinds of memory corruption. (This does not just affect "recursively oopsing" tasks; it is enough to oops once during task exit, for example in a file_operations::release handler)
CVE-2025-41276 2 Waterfall, Waterfall-security 3 Wf-500, Wf-500, Wf-500 Firmware 2026-06-17 9.8 Critical
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
CVE-2026-12398 1 Redhat 1 Ansible Automation Platform 2026-06-17 7.5 High
A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who controls a git repository can create a branch or tag with shell metacharacters in the name to achieve remote code execution on the pulp worker. The vulnerable endpoint is only reachable when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration.
CVE-2026-44170 1 Mariadb 2 Mariadb, Server 2026-06-17 9.8 Critical
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP attribute into the curl command line without proper sanitizing. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.