#os-command-injection

Information security
from The Hacker News
2 months ago

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA added CVE-2026-25108, an OS command injection vulnerability in FileZen, to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.
from Theregister
3 months ago

Critical React Native Metro dev server bug under attack

The flaw, tracked as CVE-2025-11953, arises because the Metro development server started by the React Native Community command line tool exposes an endpoint vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run malicious executables. Similarly, on Windows machines, miscreants can abuse the security hole to execute arbitrary shell commands with fully controlled arguments.
Information security
from Theregister
5 months ago

Fortinet confirms second 0-day in just four days

FortiWeb OS command injection zero-day CVE-2025-58034 is exploited in the wild; Fortinet released a patch—update FortiWeb devices immediately.
Information security
from IT Pro
6 months ago

Warning issued over critical flaws spotted in TP-Link routers

Two TP-Link VPN router vulnerabilities allow OS command injection via WireGuard settings and unauthorized root access through residual debug code.