Total
5161 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27778 | 1 Fortinet | 1 Fortisandbox | 2026-01-15 | 8.3 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.5 through 3.0.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2026-21267 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-01-14 | 8.6 High |
| Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. | ||||
| CVE-2023-54339 | 1 Jokkedk | 1 Webgrind | 2026-01-14 | 9.8 Critical |
| Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system. | ||||
| CVE-2025-69269 | 3 Broadcom, Linux, Microsoft | 3 Dx Netops Spectrum, Linux Kernel, Windows | 2026-01-14 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects DX NetOps Spectrum: 23.3.6 and earlier. | ||||
| CVE-2025-66052 | 1 Vivotek | 2 Ip7137, Ip7137 Firmware | 2026-01-14 | 7.2 High |
| Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default, The vendor has not replied to the CNA Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released. | ||||
| CVE-2022-50909 | 1 Algosolutions | 1 Algo 8028 | 2026-01-14 | 8.8 High |
| Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request. | ||||
| CVE-2025-37170 | 1 Hpe | 1 Arubaos | 2026-01-14 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37172 | 1 Hpe | 1 Arubaos | 2026-01-14 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37171 | 1 Hpe | 1 Arubaos | 2026-01-14 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2026-22718 | 1 Spring | 1 Cli Vscode Extension | 2026-01-14 | 6.8 Medium |
| The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine. | ||||
| CVE-2022-50919 | 1 Tdarr | 1 Tdarr | 2026-01-14 | 9.8 Critical |
| Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication. | ||||
| CVE-2024-52961 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 8.6 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2023-26210 | 1 Fortinet | 3 Fortiadc, Fortiadc Manager, Fortiadcmanager | 2026-01-14 | 7.8 High |
| Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. | ||||
| CVE-2024-23109 | 1 Fortinet | 1 Fortisiem | 2026-01-14 | 9.7 Critical |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests. | ||||
| CVE-2024-23108 | 1 Fortinet | 1 Fortisiem | 2026-01-14 | 9.7 Critical |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests. | ||||
| CVE-2024-21756 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | ||||
| CVE-2024-21755 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | ||||
| CVE-2023-47540 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 6.5 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker to execute unauthorized code or commands via CLI. | ||||
| CVE-2023-34992 | 1 Fortinet | 1 Fortisiem | 2026-01-14 | 9.7 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests. | ||||
| CVE-2025-53949 | 1 Fortinet | 1 Fortisandbox | 2026-01-14 | 7 High |
| An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. | ||||