Total
5148 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-69269 | 3 Broadcom, Linux, Microsoft | 3 Dx Netops Spectrum, Linux Kernel, Windows | 2026-01-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier. | |||||
| CVE-2025-66052 | 1 Vivotek | 2 Ip7137, Ip7137 Firmware | 2026-01-14 | N/A | 7.2 HIGH |
| Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default, The vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released. | |||||
| CVE-2026-22718 | 2026-01-14 | N/A | 6.8 MEDIUM | ||
| The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine. | |||||
| CVE-2022-50909 | 2026-01-14 | N/A | 8.8 HIGH | ||
| Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request. | |||||
| CVE-2024-52961 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | |||||
| CVE-2024-27778 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | |||||
| CVE-2023-26210 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2026-01-14 | N/A | 7.8 HIGH |
| Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. | |||||
| CVE-2024-23109 | 1 Fortinet | 1 Fortisiem | 2026-01-14 | N/A | 10.0 CRITICAL |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
| CVE-2024-23108 | 1 Fortinet | 1 Fortisiem | 2026-01-14 | N/A | 10.0 CRITICAL |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
| CVE-2024-21756 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | |||||
| CVE-2024-21755 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | |||||
| CVE-2023-47540 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | N/A | 6.7 MEDIUM |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker to execute unauthorized code or commands via CLI. | |||||
| CVE-2023-34992 | 1 Fortinet | 1 Fortisiem | 2026-01-14 | N/A | 10.0 CRITICAL |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests. | |||||
| CVE-2025-53679 | 1 Fortinet | 2 Fortisandbox Paas, Fortisandbox | 2026-01-14 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | |||||
| CVE-2024-50566 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2026-01-14 | N/A | 7.2 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | |||||
| CVE-2024-12010 | 1 Zyxel | 82 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 79 more | 2026-01-13 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | |||||
| CVE-2024-11253 | 1 Zyxel | 12 Dm4200-b0, Dm4200-b0 Firmware, Emg5723-t50k and 9 more | 2026-01-13 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | |||||
| CVE-2024-12009 | 1 Zyxel | 76 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 73 more | 2026-01-13 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | |||||
| CVE-2023-53963 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-01-13 | N/A | 9.8 CRITICAL |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges. | |||||
| CVE-2022-50793 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-01-13 | N/A | 8.8 HIGH |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges. | |||||