Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
35 articles

#Command Injection

All CosmicBytez Labs articles tagged #Command Injection, across news, security advisories, how-to guides, and projects.

  • SecurityJul 12, 2026

    CVE-2026-61445: PraisonAI AICoder Arbitrary File Write and Command Injection via LLM Tool Calls

    A CVSS 9.9 critical vulnerability in PraisonAI before 4.6.78 allows attackers to write files to arbitrary filesystem locations and execute arbitrary OS...

  • SecurityJul 7, 2026

    CVE-2026-34038: Critical Coolify RCE via Authenticated Command Injection (CVSS 9.9)

    A critical command injection vulnerability in Coolify's deployment pipeline allows any authenticated user with write access to execute arbitrary OS...

  • SecurityJul 7, 2026

    CVE-2026-40047: Apache Camel Docling Argument Injection Enables OS Command Execution

    A critical argument injection vulnerability in Apache Camel's camel-docling component allows attackers to inject arbitrary CLI arguments into the docling...

  • SecurityJul 3, 2026

    UniFi Connect Critical RCE via Command Injection CVE-2026-50746

    A maximum-severity command injection vulnerability in Ubiquiti's UniFi Connect Application allows any network-accessible attacker to execute arbitrary OS...

  • SecurityJul 3, 2026

    UniFi Access Application Command Injection RCE CVE-2026-50748

    An improper input validation flaw in Ubiquiti's UniFi Access Application enables low-privileged network attackers to inject OS commands and execute...

  • SecurityJun 24, 2026

    CVE-2026-12486: GeoVision GV-I/O Box 4E OS Command Injection via libNetSetObj.so

    Multiple OS command injection vulnerabilities in GeoVision GV-I/O Box 4E firmware 2.09 allow attackers with network access to execute arbitrary system...

  • SecurityJun 23, 2026

    CVE-2025-67038: Lantronix EDS5000 OS Command Injection Vulnerability

    A critical OS command injection flaw in the Lantronix EDS5000 serial device server allows unauthenticated attackers to inject arbitrary commands via the...

  • SecurityJun 12, 2026

    CVE-2026-47367: UID Enterprise Agent Command Injection via Improper Input Validation

    A critical CVSS 9.9 command injection vulnerability in UID Enterprise Agent allows a low-privileged network attacker to execute arbitrary commands on the...

  • SecurityJun 12, 2026

    CVE-2026-47370: UniFi OS Command Injection via Improper Input Validation

    A critical CVSS 9.9 command injection vulnerability in Ubiquiti UniFi OS allows a low-privileged network attacker to execute arbitrary commands within...

  • SecurityJun 4, 2026

    CVE-2026-49185: FieldX MDM ADB Topic Command Injection via Runtime.exec()

    A critical CVSS 9.8 command injection vulnerability in the FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling…

  • SecurityJun 4, 2026

    CVE-2026-49188: ai_cmd Utility Root-Level popen() Injection via Socket Input

    A critical CVSS 9.8 vulnerability in the ai_cmd utility executes with full root permissions and pipes socket inputs directly to popen(), enabling…

  • SecurityMay 22, 2026

    UniFi OS Command Injection via Improper Input Validation

    A CVSS 9.1 command injection vulnerability in UniFi OS devices allows a network-adjacent attacker with high privileges to execute arbitrary commands on...

  • SecurityMay 22, 2026

    CVE-2026-34910 — UniFi OS Unauthenticated Command Injection

    A CVSS 10.0 command injection vulnerability in UniFi OS allows any network-accessible attacker with no credentials to execute arbitrary OS commands,...

  • SecurityMay 22, 2026

    CVE-2026-5433: Honeywell CNM Critical Command Injection RCE

    A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...

  • SecurityMay 19, 2026

    CVE-2026-25244 — WebdriverIO Command Injection RCE via Git

    A command injection vulnerability in WebdriverIO below version 9.24.0 allows remote code execution through malicious git branch names containing shell...

  • SecurityMay 8, 2026

    CVE-2026-41500: electerm macOS Command Injection via Install Script

    A critical command injection vulnerability in the electerm terminal client allows remote attackers to achieve unauthenticated code execution on macOS...

  • SecurityMay 8, 2026

    CVE-2026-41501: electerm Linux Command Injection via Install Script

    A critical command injection flaw in electerm's Linux installer allows remote attackers to execute arbitrary shell commands by injecting into unsanitized...

  • SecurityApr 30, 2026

    CVE-2026-36841: TOTOLINK N200RE V5 Command Injection

    A critical CVSS 9.8 command injection vulnerability in TOTOLINK N200RE V5 allows unauthenticated remote code execution via the macstr and bandstr...

  • SecurityApr 28, 2026

    CVE-2026-30352: Remote Code Execution in leonvanzyl

    A critical remote code execution vulnerability in the /devserver/start endpoint of the leonvanzyl autocoder AI coding tool allows unauthenticated...

  • SecurityApr 27, 2026

    CVE-2026-7037: Unauthenticated OS Command Injection in Totolink A8000RU

    A critical CVSS 9.8 OS command injection vulnerability in the Totolink A8000RU router allows unauthenticated remote attackers to execute arbitrary...

  • SecurityApr 25, 2026

    CVE-2025-29635: D-Link DIR-823X Command Injection

    A command injection flaw in end-of-life D-Link DIR-823X routers allows authenticated remote attackers to execute arbitrary OS commands. CISA has added...

  • SecurityApr 25, 2026

    CVE-2026-6951: simple-git RCE via --config Option Bypass

    A critical remote code execution vulnerability in the simple-git npm package allows attackers to inject arbitrary git config options via the --config...

  • SecurityApr 24, 2026

    CVE-2026-6942: radare2-mcp OS Command Injection via Shell

    A critical OS command injection vulnerability in radare2-mcp 1.6.0 and earlier allows remote attackers to execute arbitrary commands by bypassing the...

  • SecurityApr 12, 2026

    CVE-2026-6112: Totolink A7100RU OS Command Injection via setRadvdCfg

    A critical OS command injection vulnerability (CVSS 9.8) in Totolink A7100RU firmware allows unauthenticated remote attackers to execute arbitrary...

  • SecurityApr 12, 2026

    CVE-2026-6113: Totolink A7100RU OS Command Injection via setTtyServiceCfg

    A critical OS command injection flaw (CVSS 9.8) in Totolink A7100RU enables remote unauthenticated attackers to execute arbitrary commands by manipulating...

  • SecurityApr 12, 2026

    CVE-2026-6114: Totolink A7100RU OS Command Injection via setNetworkCfg

    CVE-2026-6114 is a critical OS command injection vulnerability (CVSS 9.8) in the Totolink A7100RU router's setNetworkCfg function, exploitable remotely...

  • SecurityApr 12, 2026

    CVE-2026-6115: Totolink A7100RU OS Command Injection via setAppCfg

    CVE-2026-6115 describes a critical OS command injection vulnerability (CVSS 9.8) in the Totolink A7100RU router, exploitable remotely and without...

  • SecurityApr 8, 2026

    CVE-2021-4473: Tianxin Behavior Management System

    A critical unauthenticated command injection vulnerability in the Tianxin Internet Behavior Management System's Reporter component allows attackers to...

  • SecurityApr 1, 2026

    CVE-2026-0596: MLflow Command Injection via Unsanitized

    A critical command injection vulnerability in mlflow/mlflow allows attackers to execute arbitrary shell commands by embedding metacharacters in the...

  • SecurityMar 30, 2026

    CVE-2025-15379: MLflow Command Injection in Model Serving

    A maximum-severity command injection vulnerability in MLflow's model serving container initialization allows attackers to execute arbitrary OS commands...

  • SecurityMar 20, 2026

    CVE-2026-32238: Critical Command Injection in OpenEMR

    OpenEMR versions prior to 8.0.0.2 contain a CVSS 9.1 command injection vulnerability in the backup functionality. Authenticated attackers with high...

  • SecurityMar 17, 2026

    CVE-2025-69902: Critical Command Injection in kubectl-mcp-server

    A critical command injection vulnerability in kubectl-mcp-server allows unauthenticated attackers to execute arbitrary OS commands through unsanitized...

  • SecurityMar 4, 2026

    CISA Adds Actively Exploited VMware Aria Operations RCE

    CISA has added CVE-2026-22719, a high-severity command injection vulnerability in VMware Aria Operations allowing unauthenticated remote code execution,...

  • SecurityFeb 25, 2026

    Soliton FileZen OS Command Injection Under Active

    A high-severity OS command injection vulnerability in Soliton Systems FileZen secure file transfer appliances is being actively exploited. Authenticated...

  • SecurityFeb 15, 2026

    GitHub Copilot Command Injection Flaws Enable Remote Code

    Multiple high-severity command injection vulnerabilities discovered in GitHub Copilot extensions for VS Code, Visual Studio, and JetBrains could allow...