Total
3370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-34259 | 2026-06-17 | N/A | 8.2 HIGH | ||
| Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability. | |||||
| CVE-2026-34243 | 1 Njzjz | 1 Wenxian | 2026-06-17 | N/A | 9.8 CRITICAL |
| wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. At time of publication, there are no publicly available patches. | |||||
| CVE-2026-33111 | 1 Microsoft | 1 Copilot Chat | 2026-06-17 | N/A | 7.5 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-32622 | 1 Fit2cloud | 1 Sqlbot | 2026-06-17 | N/A | 8.8 HIGH |
| SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM's system prompt. Together, these flaws allow an attacker to hijack the LLM's reasoning to generate malicious PostgreSQL commands (e.g., COPY ... TO PROGRAM), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The issue is fixed in v1.6.0. | |||||
| CVE-2026-32241 | 1 Flannel-io | 1 Flannel | 2026-06-17 | N/A | 7.5 HIGH |
| Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the `flannel.alpha.coreos.com/backend-data` Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard. | |||||
| CVE-2026-32194 | 1 Microsoft | 1 Bing Images | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-32183 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-32063 | 1 Openclaw | 1 Openclaw | 2026-06-17 | N/A | 7.1 HIGH |
| OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user. | |||||
| CVE-2026-32052 | 1 Openclaw | 1 Openclaw | 2026-06-17 | N/A | 6.4 MEDIUM |
| OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation. | |||||
| CVE-2026-31255 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands. | |||||
| CVE-2026-31179 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31176 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31175 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31174 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31173 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31172 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31171 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31169 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31168 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi. | |||||