Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under ...

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. The activity was discovered by ...

Three critical flaws in Fortinet’s sandbox that allow remote attackers to bypass authentication, escalate privileges, and execute malicious code are under active exploitation, according to threat ...

A newly identified malware campaign has been observed exploiting a command injection flaw in digital video recorder (DVR) devices to deploy a Mirai-based botnet, according to analysis by FortiGuard ...

Ivanti Sentry vulnerability patch is mandatory for federal agencies by June 14 under CISA’s BOD 26-04, which replaces flat ...

Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...

CVE-2025-53967 allows remote code execution via figma-developer-mpc command injection flaw Vulnerability stems from unvalidated input passed to shell commands using child_process.exec Users should ...

A critical command injection issue in Fortinet FortiSIEM has been disclosed along with public exploit code, and researchers claim attackers could have been remotely achieving unauthenticated root ...

Four newly discovered vulnerabilities in the fault simulation platform can lead to OS command injection and cluster takeover, even from unprivileged pods. Researchers have found critical ...