Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14802 |
|
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
|
| CVE-2026-57950 |
|
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
|
| CVE-2025-67038 KEV |
|
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
|
| CVE-2026-12187 |
|
Vulnerability in CVE-2026-12187 (CVE-2026-12187)
vulnerability in CVE-2026-12187 (CVE-2026-12187). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49366 |
|
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
|
| CVE-2026-41497 |
|
Command Injection in praison (CVE-2026-41497)
command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.
|
| CVE-2026-8153 |
|
OS Command Injection in iot-embedded (CVE-2026-8153)
OS command injection in iot-embedded (CVE-2026-8153). Successful exploitation can lead to full system takeover.
|
| CVE-2024-51092 |
|
OS Command Injection in command-injection (CVE-2024-51092)
OS command injection in command-injection (CVE-2024-51092). Confidential information can be exposed externally. Exploitable via ``version_netsnmp``.
|
| CVE-2026-43944 |
|
Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
|
| CVE-2026-41500 |
|
Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-41501 |
|
Command Injection in electerm (CVE-2026-41501)
command injection in electerm (CVE-2026-41501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-35428 |
|
Command Injection in microsoft (CVE-2026-35428)
command injection in microsoft (CVE-2026-35428). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63706 |
|
Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43197 |
|
Vulnerability in linux (CVE-2026-43197)
vulnerability in linux (CVE-2026-43197). Confidential information can be exposed externally.
|
| CVE-2026-6849 |
|
Improper neutralization of special elements used in an OS command ('OS command injection')...
Improper neutralization of special elements used in an OS command ('OS command injection')...
|
| CVE-2025-29635 KEV |
|
[KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23862 |
|
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local...
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
|
| CVE-2025-69262 |
|
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
|
| CVE-2022-27224 |
|
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
|
| CVE-2015-2280 |
|
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands vi...
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
|