Command/Scripting Interpreter

CVE-2026-10520 is a critical OS Command Injection vulnerability (CWE-78) in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. It allows a remote un…

CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile that allows unauthenticated remote code execution. The vulnerability …

CVE-2026-8398 is a critical supply chain vulnerability (CWE-506) affecting DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434, where attackers trojanize…

CVE-2026-45247 is a critical remote code execution vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12. The flaw stems from…

CVE-2026-25108 is a command injection vulnerability in Soliton Systems K.K.'s FileZen product, specifically affecting the Antivirus Check Option when enabled. I…

CVE-2026-34197 is a high-severity code injection vulnerability in Apache ActiveMQ (versions before 5.19.4 and 6.0.0-6.2.3) caused by improper input validation i…

CVE-2026-42271 is a command injection vulnerability in LiteLLM versions 1.74.2 through 1.83.6 affecting the MCP server preview endpoints. The flaw allows any au…

CVE-2026-22719 is a high-severity command injection vulnerability (CWE-77) in VMware Aria Operations that allows unauthenticated remote code execution during su…

CVE-2026-20245 is a command injection vulnerability in the CLI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) caused by insufficient validation of u…

Trend Micro Apex One on-premise server contains a directory traversal vulnerability (CWE-23) allowing pre-authenticated local attackers with administrative acce…

CVE-2025-29635 is a command injection vulnerability (CWE-77) affecting D-Link DIR-823X firmware versions 240126 and 240802, allowing authorized attackers to exe…

Langflow versions prior to 1.9.0 contain a critical remote code execution vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. The flaw a…

CVE-2025-68613 is a critical Remote Code Execution vulnerability in n8n versions 0.211.0 through 1.120.3, 1.121.0, and 1.121.9, caused by insufficient isolation…

SolarWinds Web Help Desk contains a critical unauthenticated AjaxProxy deserialization vulnerability (CVE-2025-26399) that allows remote code execution on the h…

CVE-2022-20775 is a high-severity vulnerability (CVSS 7.8) in Cisco SD-WAN Software affecting the CLI due to improper access controls. It allows an authenticate…

CVE-2024-7694 affects TeamT5's ThreatSonar Anti-Ransomware, allowing remote attackers with administrator privileges to upload malicious files that execute arbit…

CVE-2026-1731 is a critical remote code execution vulnerability in BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA). It allo…

CVE-2025-11953 is a critical command injection vulnerability (CVSS 9.8) in the Metro Development Server provided by the React Native Community CLI, which binds …

CVE-2026-24423 is a critical remote code execution vulnerability in SmarterTools SmarterMail versions prior to build 9511, classified under CWE-306. It allows u…

Sangoma FreePBX Endpoint Manager versions 17.0.2.36 through 17.0.3 contain a post-authentication command injection vulnerability in the filestore module's testc…

SolarWinds Web Help Desk contains a critical untrusted data deserialization vulnerability (CWE-502) that allows remote code execution without authentication. Th…

CVE-2025-20393 is a critical remote code execution vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cis…

CVE-2025-66644 is a command injection vulnerability in Array Networks ArrayOS AG versions prior to 9.4.5.9, classified under CWE-78. The vulnerability has a CVS…

CVE-2025-48703 is a critical remote code execution vulnerability in Control Web Panel (CWP) versions prior to 0.9.8.1205, classified under CWE-78. It allows una…

CVE-2025-24893 is a critical remote code execution vulnerability in XWiki Platform affecting versions prior to 15.10.11, 16.4.1, and 16.5.0RC1. It allows unauth…

CVE-2014-6278 is a command injection vulnerability in GNU Bash through version 4.3 bash43-026, classified under CWE-78. It allows remote attackers to execute ar…

CVE-2025-4008 affects the Meteobridge web interface, a system for managing weather station data collection via CGI shell scripts and C. The vulnerability allows…

CVE-2025-53690 is a critical deserialization vulnerability (CWE-502) in Sitecore Experience Manager (XM) and Experience Platform (XP) versions through 9.0, allo…

CVE-2025-8876 is a command injection vulnerability in N-able N-central versions prior to 2025.3.1, stemming from improper input validation. The vulnerability is…

CVE-2025-49704 is a high-severity code injection vulnerability (CWE-94) in Microsoft Office SharePoint, allowing an authorized attacker to execute code over a n…

CVE-2025-47812 is a critical remote code execution vulnerability in Wing FTP Server versions prior to 7.4.4, caused by mishandling of null bytes in web interfac…

CVE-2025-24016 is a critical remote code execution vulnerability in Wazuh Server versions 4.4.0 through 4.9.1 caused by unsafe deserialization of DistributedAPI…

CVE-2025-32433 is a critical remote code execution vulnerability in Erlang/OTP SSH servers affecting versions prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2…

CVE-2025-3935 affects ConnectWise ScreenConnect versions 25.2.3 and earlier, involving a ViewState code injection vulnerability (CWE-502) that can lead to remot…

CVE-2023-39780 is a high-severity command injection vulnerability (CWE-78) affecting ASUS RT-AX55 routers running firmware version 3.0.0.4.386.51598, allowing a…

CVE-2024-12987 is a critical command injection vulnerability in DrayTek Vigor2960 and Vigor300B routers running firmware version 1.5.1.4, affecting the Web Mana…

CVE-2025-32756 is a critical stack-based buffer overflow vulnerability affecting multiple versions of Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, …

CVE-2024-11120 is a critical OS Command Injection vulnerability (CWE-78) affecting End-of-Life GeoVision devices, allowing unauthenticated remote attackers to e…

CVE-2024-6047 is a critical command injection vulnerability (CWE-78) affecting multiple End-of-Life GeoVision devices, allowing unauthenticated remote attackers…

CVE-2025-3248 is a critical remote code injection vulnerability in Langflow versions prior to 1.3.0, affecting the /api/v1/validate/code endpoint. It carries a …

CVE-2023-44221 is a command injection vulnerability in the SonicWall SMA100 SSL-VPN management interface, classified under CWE-78. It allows a remote authentica…

CVE-2025-1976 affects Broadcom Brocade Fabric OS versions 9.1.0 through 9.1.1d6, allowing a local user with admin privileges to execute arbitrary code with full…

CVE-2021-20035 is a command injection vulnerability (CWE-78) in the SonicWall SMA100 management interface, allowing remote authenticated attackers to inject arb…

CVE-2025-30406 is a critical deserialization vulnerability in Gladinet CentreStack versions through 16.1.10296.56315, caused by a hardcoded machineKey that allo…

CVE-2025-24813 is a critical vulnerability in Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98, allowing …

CVE-2019-9875 is a high-severity deserialization vulnerability (CWE-502) in the anti-CSRF module of Sitecore CMS and Experience Platform through version 9.1. It…

CVE-2025-21590 is a Medium severity (CVSS 4.4) Improper Isolation or Compartmentalization vulnerability (CWE-653) in the Juniper Networks Junos OS kernel. It al…

CVE-2025-22224 is a critical race-condition vulnerability (CWE-367) in VMware ESXi and Workstation that allows an out-of-bounds write via a TOCTOU flaw. A local…

CVE-2024-4885 is a critical Remote Code Execution vulnerability in Progress WhatsUp Gold versions prior to 2023.1.3, allowing unauthenticated attackers to execu…

CVE-2022-43769 is a HIGH severity vulnerability (CVSS 8.8) in Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including…