
type:cmd-inject — CVE vulnerabilities tagged 5636

5636 CVE security advisories tagged "type:cmd-inject" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:cmd-inject" identifies Command Injection vulnerabilities, a critical security flaw where untrusted user input is improperly concatenated into system commands without adequate sanitization. This matters because it allows attackers to execute arbitrary operating system commands with the privileges of the vulnerable application, potentially leading to full system compromise, data exfiltration, or lateral movement within a network. Typical scenarios involve web applications that pass user-supplied data to backend shell interpreters, such as using PHP’s exec function or Python’s os.system, to perform tasks like pinging a host or listing directory contents. The 5,541 associated CVEs highlight the pervasive nature of this risk across diverse software ecosystems, emphasizing the necessity for strict input validation, parameterized interfaces, and the principle of least privilege to mitigate the severe impact of unintended command execution.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-35070 | Dell SmartFabric Storage Software command injection vulnerability (<1.4.5) — SmartFabric Storage Software CWE-77 | 6.4 | Medium | 2026-05-20 |
| CVE-2026-8603 | Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR — ScadaBR CWE-78 | - | - | 2026-05-19 |
| CVE-2026-36827 | Panabit PAP-XM320 command injection vulnerability in versions before V7.7 — n/a | - | - | 2026-05-19 |
| CVE-2026-36828 | Panabit PAP-XM320 command injection vulnerability in v7.7 and earlier — n/a | - | - | 2026-05-19 |
| CVE-2026-37281 | Zenshin <2.7.0 OS command injection vulnerability — n/a | - | - | 2026-05-19 |
| CVE-2026-27130 | Dokploy has Command Injection in its Service Operations — dokploy CWE-78 | 9.9 | Critical | 2026-05-18 |
| CVE-2026-25244 | WebdriverIO has Command Injection in the BrowserStack Service — webdriverio CWE-78 | 9.8 | Critical | 2026-05-18 |
| CVE-2026-47092 | Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC Environment Variable — claude-hud CWE-427 | 7.8 | High | 2026-05-18 |
| CVE-2026-8777 | Edimax BR-6428NS POST Request formStaDrvSetup command injection — BR-6428NS CWE-77 | 6.3 | Medium | 2026-05-18 |
| CVE-2026-8774 | Edimax BR-6228NC POST Request mp command injection — BR-6228NC CWE-77 | 6.3 | Medium | 2026-05-18 |
| CVE-2025-57282 | ngrok command injection vulnerability — n/a | - | - | 2026-05-18 |
| CVE-2026-8767 | vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection — ai CWE-78 | 5.0 | Medium | 2026-05-17 |
| CVE-2026-8753 | kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection — Kodbox CWE-77 | 6.3 | Medium | 2026-05-17 |
| CVE-2026-46483 | Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag — vim CWE-78 | 3.6 | Low | 2026-05-15 |
| CVE-2026-39054 | oinone-pamirs command injection vulnerability — n/a | - | - | 2026-05-15 |
| CVE-2026-24712 | Northern.tech CFEngine security vulnerability — n/a | - | - | 2026-05-14 |
| CVE-2026-8500 | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE — Web::Passwd CWE-78 | - | - | 2026-05-13 |
| CVE-2026-42586 | Netty: CRLF Injection in Netty Redis Codec Encoder — netty CWE-93 | 6.8 | Medium | 2026-05-13 |
| CVE-2026-0261 | PAN-OS: Authenticated Admin Command Injection Vulnerability — Cloud NGFW CWE-78 | - | - | 2026-05-13 |
| CVE-2026-2695 | Lack of Server-side validation in Instruction Input in TeamViewer DEX Platform (On-Premises) — DEX (On-Premises) CWE-20 | 6.3 | Medium | 2026-05-13 |
| CVE-2026-32673 | BIG-IP scripted monitor vulnerability — BIG-IP CWE-250 | 8.7 | High | 2026-05-13 |
| CVE-2026-41217 | BIG-IP tmsh vulnerability — BIG-IP CWE-732 | 7.9 | High | 2026-05-13 |
| CVE-2026-34176 | Knowledge Appliance mode iControl REST vulnerability — BIG-IP CWE-78 | 8.7 | High | 2026-05-13 |
| CVE-2026-42062 | ELECOM multiple products OS command injection vulnerability — WRC-BE72XSD-B CWE-78 | - | - | 2026-05-13 |
| CVE-2026-35506 | ELECOM WRC OS command injection vulnerability — WRC-BE72XSD-B CWE-78 | - | - | 2026-05-13 |
| CVE-2026-36741 | U-SPEED AC1200 security vulnerability — n/a | - | - | 2026-05-13 |
| CVE-2026-42156 | Flowsint: Cypher query injection in node type on node creation — flowsint CWE-943 | - | - | 2026-05-12 |
| CVE-2026-44871 | Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems — HPE Aruba Networking Wireless Operating System (AOS) | 7.2 | High | 2026-05-12 |
| CVE-2026-44872 | Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based Management Interface — HPE Aruba Networking Wireless Operating System (AOS) | 7.2 | High | 2026-05-12 |
| CVE-2026-44870 | Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service Accessed by PAPI Protocol of AOS-8 and AOS-10 Operating Systems — HPE Aruba Networking Wireless Operating System (AOS) | 7.2 | High | 2026-05-12 |

Vulnerabilities classified as type:cmd-inject represent 5636 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.