Robuta

https://cvefeed.io/vuln/detail/CVE-2024-4577
CVE-2024-4577 - PHP-CGI OS Command Injection Vulnerability - [Actively Exploited]
Nov 3, 2025 - In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain...

https://radar.offseq.com/threat/cve-2026-6219-command-injection-in-aandrew-me-ytdo-7fe71fa6
CVE-2026-6219: Command Injection in aandrew-me ytDownloader - Live Threat Intelligence - Threat...
May 11, 2026 - Detailed information about CVE-2026-6219: Command Injection in aandrew-me ytDownloader affecting aandrew-me ytDownloader. Get real-time updates, technical detai

https://hackaday.com/tag/command-injection/
Command Injection | Hackaday

https://pupuweb.com/cisco-200-201-identifying-command-injection-attacks-against-web-applications/
Cisco 200-201: Identifying Command Injection Attacks Against Web Applications - PUPUWEB
Mar 19, 2024 - Learn how to recognize command injection attacks, a common web application vulnerability, with an in-depth explanation and real-world example. Question

https://advisories.gitlab.com/pypi/mlflow/CVE-2023-4033/
mlflow vulnerable to OS Command Injection | GitLab Advisory Database (GLAD)
CVE-2023-4033 mlflow vulnerable to OS Command Injection: OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.

https://guard-api.com/guides/how-to-fix-command-injection-in-symfony/
Fix Command Injection in Symfony | GuardAPI Security Guide

https://advisories.gitlab.com/pypi/salt/CVE-2021-31607/
Command Injection in SaltStack Salt | GitLab Advisory Database (GLAD)
CVE-2021-31607 Command Injection in SaltStack Salt: In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module...

https://cyberiumx.com/write-ups/portswigger-command-injection/
Portswigger | Command Injection Vulnerability | Os Command
Dec 11, 2023 - In this blog, we are going to focus on how to find and use the OS Command Injection vulnerabilities on the websites.

https://guard-api.com/guides/how-to-fix-command-injection-in-bottle/
Fix Command Injection in Bottle | GuardAPI Security Guide

https://alephsecurity.com/vulns/aleph-2019009
[CVE-2019-19839] Remote command injection via a crafted HTTP request (cmdImportCategory)
Dec 17, 2019 - Remote command injection via a crafted HTTP request (cmdImportCategory)

https://ms-infra.de/cve-2025-40949-ruggedcom-rox-command-injection-vulnerability/
CVE-2025-40949 - RUGGEDCOM ROX Command Injection Vulnerability - Manuel Schneider
May 12, 2026 - CVE ID: CVE-2025-40949 Published: May 12, 2026, 10:16 a.m. | 14 minutes ago Description: A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All

https://s4e.io/tools/acmailer-improper-access-control-to-os-command-injection-cve-2021-20617
CVE-2021-20617 Scanner - OS Command Injection vulnerability in Acmailer
Detects 'OS Command Injection' vulnerability in Acmailer affects v. 4.0.1 and earlier / acmailer DB 1.1.3 and earlier.

https://www.miggo.io/vulnerability-database/cve/GHSA-chqc-8p9q-pq6q
GHSA-chqc-8p9q-pq6q: basic-ftp Path Command Injection | Miggo
basic-ftp FTP command injection via unsanitized CRLF in path parameters grants attackers arbitrary command execution for file deletion or data exfiltration.

https://wh0.github.io/2021/10/24/shell-quote-rce.html
Command injection through shell-quote

https://www.yeswehack.com/fr/learn-bug-bounty/ultimate-guide-os-command-injection
The ultimate Bug Bounty guide to OS command injection | YesWeHack
Apr 14, 2026 - Often leading to RCE, OS command injection is a core Bug Bounty skillset. This guide features direct, blind, OOB, time-based and second-order walkthroughs.

https://unit42.paloaltonetworks.com/cve-2020-4006/?pdf=print&lg=en&_wpnonce=949b5ed951
Threat Brief: VMware Command Injection Vulnerability (CVE-2020-4006)
Jun 6, 2024 - We share information about CVE-2020-4006 and recommendations for how to mitigate.

https://guard-api.com/guides/how-to-fix-command-injection-in-plug/
Fix Command Injection in Plug | GuardAPI Security Guide

https://advisories.gitlab.com/npm/is-http2/CVE-2022-25906/
is-http2 vulnerable to Command Injection | GitLab Advisory Database (GLAD)
CVE-2022-25906 is-http2 vulnerable to Command Injection: All versions of the package is-http2 is vulnerable to Command Injection due to missing input...

https://guard-api.com/guides/how-to-fix-command-injection-in-gin/
Fix Command Injection in Gin | GuardAPI Security Guide

https://advisories.gitlab.com/pypi/pydash/CVE-2023-26145/
pydash Command Injection vulnerability | GitLab Advisory Database (GLAD)
CVE-2023-26145 pydash Command Injection vulnerability: This affects versions of the package pydash before 6.0.0. A number of pydash methods such as...

https://mobasi.ai/blog/sentinel-update-20260405
Sentinel update: command injection vulnerabilities remediated in UAC | Mobasi
Apr 5, 2026 - As of April 5, 2026, Mobasi's Sentinel program includes three remediated command injection findings in UAC, the Unix-like Artifacts Collector.

https://bugs.kali.org/view.php?id=2201
0002201: commix - command injection and exploitation tool - Kali Linux Bug Tracker

https://advisories.gitlab.com/npm/openclaw/GHSA-82gw-wqw6-r2cf/
Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled...
GHSA-82gw-wqw6-r2cf Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation: Duplicate Advisory...

https://advisories.gitlab.com/npm/snyk-python-plugin/CVE-2022-22984/
Improper Neutralization of Special Elements used in a Command ('Command Injection') | GitLab...
CVE-2022-22984 Improper Neutralization of Special Elements used in a Command ('Command Injection'): The package snyk before 1.1064.0; the package...

https://s4e.io/tools/totolink-router-command-injection-cve-2024-24329
CVE-2024-24329 Scanner - Command Injection vulnerability in TotoLink Router
Detects 'Command Injection' vulnerability in TotoLink Router affects v. TOTOLINK A3300R V17.0.0cu.557_B20221024.

https://advisories.gitlab.com/golang/github.com/digitalocean/droplet-agent/CVE-2026-24516/
DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint | GitLab Advisory...
CVE-2026-24516 DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint: A command injection vulnerability exists in DigitalOcean Droplet...

https://security.snyk.io/vuln/SNYK-JS-ELGENTOSMAGENTO2DEVMCP-15954329
Arbitrary Command Injection in @elgentos/magento2-dev-mcp | CVE-2026-5603 | Snyk
Medium severity (4.8) Arbitrary Command Injection in @elgentos/magento2-dev-mcp | CVE-2026-5603

https://smartermsp.com/tag/command-injection-vulnerability/
command injection vulnerability Archives - Smarter MSP

https://www.sentinelone.com/vulnerability-database/cve-2026-40176/
CVE-2026-40176: Composer Command Injection RCE Vulnerability
CVE-2026-40176 is a command injection RCE vulnerability in Composer for PHP. Learn about its impact, affected versions, and mitigation methods.

https://advisories.gitlab.com/golang/github.com/containers/podman/v4/CVE-2026-33414/
PowerShell Command Injection in Podman HyperV Machine | GitLab Advisory Database (GLAD)
CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine: A command injection vulnerability exists in Podman's HyperV machine backend. The VM image...

https://cvefeed.io/vuln/detail/CVE-2024-39783
CVE-2024-39783 - Wavlink AC3000 Command Injection Vulnerability
Nov 3, 2025 - Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...

https://www.leakycreds.com/vulnerability/CVE-2026-6155
CVE-2026-6155 - Totolink A7100RU - Command Injection | LeakyCreds
Technical analysis of CVE-2026-6155 including critical severity, CVSS 9.8, impact assessment, and exploitation activity. Updated vulnerability intelligence by...

https://stinner-it.com/active-exploitation-of-solarview-compact-command-injection-vulnerabilities-cve-2022-40881-cve-2022-29303-120/
Active Exploitation of SolarView Compact Command Injection Vulnerabilities (CVE-2022-40881,...

https://www.dlink.com/be/nl/support/support-news/2023/october/26/dap-x1860-command-injection
DAP-X1860 Command Injection | D-Link

https://www.sentinelone.com/vulnerability-database/cve-2026-5679/
CVE-2026-5679: Totolink A3300R Command Injection Vulnerability
CVE-2026-5679 is an OS command injection vulnerability in Totolink A3300R router. Learn about its impact, affected versions, and mitigation methods.

https://rubysec.com/advisories/CVE-2020-8130/
CVE-2020-8130 (rake): OS Command Injection in Rake - RubySec
CVE-2020-8130 (rake): OS Command Injection in Rake August 29th, 2019 ...

https://advisories.gitlab.com/composer/baserproject/basercms/CVE-2023-43792/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2023-43792 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Improper Neutralization of Special Elements used in...

https://advisories.gitlab.com/maven/org.jeecgframework.boot/jeecg-boot-parent/CVE-2023-34603/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | GitLab...
CVE-2023-34603 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): JeecgBoot up to v 3.5.1 was discovered to contain a SQL...

https://advisories.gitlab.com/composer/drupal/ai/CVE-2025-31692/
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types | GitLab Advisory...
CVE-2025-31692 Drupal AI Vulnerable to OS Command Injection via Optional Automator Types: Improper Neutralization of Special Elements used in an OS Command...

https://www.coresecurity.com/core-labs/advisories/e107-cms-script-command-injection
e107 CMS Script Command Injection
1. Advisory Information Title: e107 CMS Script Command Injection Advisory ID: CORE-2011-0810 Advisory URL:...

https://research.averlon.ai/vulnerability-intelligence/cve/CVE-2026-40111
CVE-2026-40111: PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor...
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly...

https://devhub.checkmarx.com/cve-details/cve-2022-37112/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...
May 9, 2023 - BlueCMS 1.6 has SQL injection in line 55 of admin/model.php

https://advisories.gitlab.com/maven/org.jenkins-ci.plugins/git-client/CVE-2019-10392/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2019-10392 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Jenkins Git Client Plugin 2.8.4 and earlier and...

https://pcidssguide.com/what-is-os-command-injection-how-to-prevent-it/
What is OS Command Injection and How to Prevent It? - PCI DSS GUIDE
Oct 9, 2023 - OS Command Injection is a web vulnerability that could allow an attacker to execute commands from an arbitrary operating system on the server running an...

https://devhub.checkmarx.com/cve-details/cve-2021-46448/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...

https://pentest-tools.com/vulnerabilities-exploits/acmailer-improper-access-control-to-os-command-injection_28378
Acmailer - Improper Access Control to OS Command Injection (CVE-2021-20617) - Vulnerability &...
Improper access control vulnerability in acmailer ver.

https://advisories.gitlab.com/pypi/ethyca-fides/CVE-2023-48224/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2023-48224 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Fides is an open-source privacy engineering platform...

https://devhub.checkmarx.com/cve-details/cve-2008-1644/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...
May 9, 2023 - SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter....

https://cvefeed.io/vuln/detail/CVE-2026-4209
CVE-2026-4209 - D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection
Apr 29, 2026 - A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L,...

https://stinner-it.com/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild-208/
TP-Link Archer AX-21 Command Injection Vulnerability (CVE-2023-1389) Exploited in the Wild |...

https://cvefeed.io/vuln/detail/CVE-2019-6014
CVE-2019-6014 - DBA-1510P Web Command Injection
Nov 21, 2024 - DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.

https://www.invicti.com/web-application-vulnerabilities/piwigo-improper-neutralization-of-special-elements-used-in-an-sql-command-sql-injection-vulnerability-cve-2014-4649
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrato... Piwigo Improper...

https://devhub.checkmarx.com/cve-details/cve-2009-1909/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via...

https://advisories.gitlab.com/nuget/microsoft.netcore.app.runtime.linux-musl-arm/CVE-2023-24936/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2023-24936 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): .NET, .NET Framework, and Visual Studio Elevation of...

https://devhub.checkmarx.com/cve-details/cve-2022-40119/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...
May 9, 2023 - Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php.

https://devhub.checkmarx.com/cve-details/cve-2015-8298/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...
May 9, 2023 - Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1)...

https://advisories.gitlab.com/npm/codify/GMS-2020-193/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
GMS-2020-193 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Improper Neutralization of Special Elements used in an...

https://zerodai.com/en/vulnerabilities/cve/cve-2022-32203
CVE-2022-32203 [CRITICAL]: There is a command injection vulnerability in Huawei terminal printer...
Jan 10, 2025 - There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printe...

https://railroader.org/docs/warning_types/command_injection/
Railroader | Command Injection
Injection is #1 on the 2010 OWASP Top Ten web security risks. Command injection occurs when shell commands unsafely include user-manipulatable values. There...

https://advisories.gitlab.com/nuget/microsoft.netcore.app.runtime.osx-x64/CVE-2023-21538/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2023-21538 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): .NET Denial of Service Vulnerability.

https://devhub.checkmarx.com/cve-details/cve-2006-7116/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -...
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass...

https://securing.website/ai-in-the-browser-how-to-harden-extensions-and-assistants-ag
Hardening Browser AI Against Command Injection
Apr 15, 2026 - A developer-focused guide to hardening browser AI against command injection with CSP, sandboxing, allowlists, and telemetry.

https://advisories.gitlab.com/nuget/microsoft.netcore.app.runtime.win-x86/CVE-2023-29331/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2023-29331 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): .NET, .NET Framework, and Visual Studio Denial of...

https://advisories.gitlab.com/composer/phpmyadmin/phpmyadmin/CVE-2020-22452/
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | GitLab...
CVE-2020-22452 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): SQL Injection vulnerability in function...

https://devhub.checkmarx.com/cve-details/cve-2023-22762/
Improper Neutralization of Special Elements used in a Command ('Command Injection') -...
May 9, 2023 - Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the...

https://advisories.gitlab.com/maven/org.apache.tomcat/tomcat/CVE-2016-0714/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2016-0714 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): The session-persistence implementation in Apache...

https://advisories.gitlab.com/maven/org.jenkins-ci.plugins/simple-travis-runner/CVE-2019-10380/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2019-10380 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Jenkins Simple Travis Pipeline Runner Plugin 1.0 and...

https://stinner-it.com/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild-65/
TP-Link Archer AX-21 Command Injection Vulnerability (CVE-2023-1389) Exploited in the Wild |...

https://advisories.gitlab.com/pypi/nvflare/CVE-2022-34668/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
CVE-2022-34668 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): NVFLARE, versions prior to 2.1.4, contains a...

https://thecybernews.com/1m-wordpress-sites-exposed/
1 Million WordPress Sites At Risk Of RCE Attacks Due To W3 Total Cache Command Injection...
Nov 20, 2025 - A critical security flaw in the popular W3 Total Cache WordPress plugin has exposed over one million websites to remote code execution

https://devhub.checkmarx.com/cve-details/cve-2024-1624/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') -...

https://devhub.checkmarx.com/cve-details/cve-2021-22864/
Improper Neutralization of Special Elements used in a Command ('Command Injection') -...
May 9, 2023 - A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled...

https://advisories.gitlab.com/composer/wwbn/avideo/GMS-2023-226/
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | GitLab...
GMS-2023-226 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Improper Neutralization of Special Elements used in an...