Home/Tag/Command Injection

Command Injection

7 articles tagged with "Command Injection"

Malware4 min read

Mirai Variant Targets End-of-Life D-Link Routers

Akamai detects active exploitation of CVE-2025-29635 in discontinued D-Link DIR-823X routers. The tuxnokill variant spreads via command injection and launches DDoS attacks from compromised devices.

James RiveraApr 23, 2026

Vulnerabilities3 min read

NewSoftOA Command Injection Lets Local Attackers Own Servers

CVE-2026-5965 in NewSoftOA enables unauthenticated OS command injection with CVSS 9.8. Local attackers can execute arbitrary commands and fully compromise systems.

Marcus ChenApr 21, 2026

Vulnerabilities4 min read

Totolink Router Flaw Allows Unauthenticated RCE (CVE-2026-6140)

Critical CVSS 9.8 command injection vulnerability in Totolink A7100RU routers enables unauthenticated remote code execution. Public exploit available, no patch released.

Marcus ChenApr 13, 2026

Vulnerabilities3 min read

VMware Aria Operations RCE Flaw Added to CISA KEV Catalog

CISA confirms active exploitation of VMware Aria Operations CVE-2026-22719, a command injection flaw enabling unauthenticated RCE. Patch by March 24.

Marcus ChenMar 19, 2026

Vulnerabilities3 min read

CISA Adds FileZen CVE-2026-25108 to KEV After Active Exploitation

CISA flags FileZen command injection flaw (CVE-2026-25108, CVSS 8.7) as actively exploited. Federal agencies must patch by March 17, 2026.

Marcus ChenFeb 25, 2026

Vulnerabilities4 min read

Zoom Patches CVSS 9.9 Flaw That Let Meeting Participants Run Code

CVE-2026-22844 allowed meeting participants to execute arbitrary code on Zoom's on-premises multimedia routers. No active exploitation reported yet.

Marcus ChenJan 22, 2026

Vulnerabilities4 min read

Coolify Command Injection Flaws Grant Root Access

Five critical vulnerabilities in the self-hosting platform allow authenticated users to execute arbitrary commands as root. Over 52,000 instances are exposed globally.

Marcus ChenJan 10, 2026