Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8230 |
|
Command Injection in wavlink (CVE-2026-8230)
command injection in wavlink (CVE-2026-8230). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8217 |
|
Command Injection in CVE-2026-8217 (CVE-2026-8217)
command injection in CVE-2026-8217 (CVE-2026-8217). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8210 |
|
Vulnerability in CVE-2026-8210 (CVE-2026-8210)
vulnerability in CVE-2026-8210 (CVE-2026-8210). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42257 |
|
Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-42258 |
|
Command Injection in net-imap (CVE-2026-42258)
command injection in net-imap (CVE-2026-42258). Data can be tampered with by attackers. Exploitable via ``flag``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-8192 |
|
Command Injection in wavlink (CVE-2026-8192)
command injection in wavlink (CVE-2026-8192). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8191 |
|
Command Injection in c (CVE-2026-8191)
command injection in c (CVE-2026-8191). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8190 |
|
Command Injection in wavlink (CVE-2026-8190)
command injection in wavlink (CVE-2026-8190). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8189 |
|
Command Injection in wavlink (CVE-2026-8189)
command injection in wavlink (CVE-2026-8189). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8188 |
|
Command Injection in wavlink (CVE-2026-8188)
command injection in wavlink (CVE-2026-8188). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20147 |
|
Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42453 |
|
Command Injection in CVE-2026-42453 (CVE-2026-42453)
command injection in CVE-2026-42453 (CVE-2026-42453). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41497 |
|
Command Injection in praison (CVE-2026-41497)
command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.
|
| CVE-2024-30167 |
|
Command Injection in CVE-2024-30167 (CVE-2024-30167)
command injection in CVE-2024-30167 (CVE-2024-30167). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-45257 |
|
Command Injection in CVE-2024-45257 (CVE-2024-45257)
command injection in CVE-2024-45257 (CVE-2024-45257). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-47268 |
|
Command Injection in cpp (CVE-2023-47268)
command injection in cpp (CVE-2023-47268). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42271 KEV |
|
[KEV] Command Injection in Berriai litellm (CVE-2026-42271)
command injection in Berriai litellm (CVE-2026-42271). Successful exploitation can lead to full system takeover. Exploitable via `POST /mcp-rest/test/connection`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.83.7` or later.
|
| CVE-2026-41500 |
|
Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-41501 |
|
Command Injection in electerm (CVE-2026-41501)
command injection in electerm (CVE-2026-41501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-8112 |
|
Command Injection in 8421bit (CVE-2026-8112)
command injection in 8421bit (CVE-2026-8112). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33111 |
|
Command Injection in microsoft (CVE-2026-33111)
command injection in microsoft (CVE-2026-33111). Confidential information can be exposed externally.
|
| CVE-2026-35428 |
|
Command Injection in microsoft (CVE-2026-35428)
command injection in microsoft (CVE-2026-35428). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20169 |
|
Command Injection in cisco (CVE-2026-20169)
command injection in cisco (CVE-2026-20169). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43117 |
|
Vulnerability in linux (CVE-2026-43117)
vulnerability in linux (CVE-2026-43117). Confidential information can be exposed externally.
|
| CVE-2026-7246 |
|
Command Injection in palletsprojects (CVE-2026-7246)
command injection in palletsprojects (CVE-2026-7246). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30352 |
|
Command Injection in CVE-2026-30352 (CVE-2026-30352)
command injection in CVE-2026-30352 (CVE-2026-30352). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40068 |
|
Vulnerability in @anthropic-ai/claude-code (CVE-2026-40068)
vulnerability in @anthropic-ai/claude-code (CVE-2026-40068). Successful exploitation can lead to full system takeover. Exploitable via ``commondir``. Mitigation: upgrade to `2.1.84` or later.
|
| CVE-2025-29635 KEV |
|
[KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-4786 |
|
Command Injection in libpython (CVE-2026-4786)
command injection in libpython (CVE-2026-4786). Confidential information can be exposed externally. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-20186 |
|
Command Injection in dos (CVE-2026-20186)
command injection in dos (CVE-2026-20186). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30461 |
|
Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
|
| CVE-2026-5463 |
|
Command Injection in pymetasploit3 (CVE-2026-5463)
command injection in pymetasploit3 (CVE-2026-5463). Data can be tampered with by attackers.
|
| CVE-2025-15379 |
|
Command Injection in lfprojects (CVE-2025-15379)
command injection in lfprojects (CVE-2025-15379). Successful exploitation can lead to full system takeover. Exploitable via ``python_env.yaml``.
|
| CVE-2026-23862 |
|
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local...
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
|
| CVE-2026-22719 KEV |
|
[KEV] Command Injection in Broadcom vmware-aria-operations (CVE-2026-22719)
command injection in Broadcom vmware-aria-operations (CVE-2026-22719). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24293 |
|
Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15366 |
|
Command Injection in CVE-2025-15366 (CVE-2025-15366)
command injection in CVE-2025-15366 (CVE-2025-15366). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66738 |
|
Command Injection in yealink (CVE-2025-66738)
command injection in yealink (CVE-2025-66738). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65363 |
|
Command Injection in ruijie (CVE-2025-65363)
command injection in ruijie (CVE-2025-65363). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64052 |
|
Command Injection in fanvil (CVE-2025-64052)
command injection in fanvil (CVE-2025-64052). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57201 |
|
Command Injection in avtech (CVE-2025-57201)
command injection in avtech (CVE-2025-57201). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57198 |
|
Command Injection in avtech (CVE-2025-57198)
command injection in avtech (CVE-2025-57198). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57199 |
|
Command Injection in avtech (CVE-2025-57199)
command injection in avtech (CVE-2025-57199). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57200 |
|
Command Injection in avtech (CVE-2025-57200)
command injection in avtech (CVE-2025-57200). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63674 |
|
Command Injection in blurams (CVE-2025-63674)
command injection in blurams (CVE-2025-63674). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63258 |
|
Command Injection in CVE-2025-63258 (CVE-2025-63258)
command injection in CVE-2025-63258 (CVE-2025-63258). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60672 |
|
Command Injection in dlink (CVE-2025-60672)
command injection in dlink (CVE-2025-60672). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60673 |
|
Command Injection in dlink (CVE-2025-60673)
command injection in dlink (CVE-2025-60673). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60675 |
|
Command Injection in dlink (CVE-2025-60675)
command injection in dlink (CVE-2025-60675). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60676 |
|
Command Injection in dlink (CVE-2025-60676)
command injection in dlink (CVE-2025-60676). Risk of unauthorized operations or information disclosure.
|