CVE-2026-24663 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-24663
Published : Feb. 27, 2026, 12:36 a.m. | 29 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24663
Published : Feb. 27, 2026, 12:36 a.m. | 29 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21389 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-21389
Published : Feb. 27, 2026, 12:38 a.m. | 27 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21389
Published : Feb. 27, 2026, 12:38 a.m. | 27 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25111 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25111
Published : Feb. 27, 2026, 12:40 a.m. | 25 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25111
Published : Feb. 27, 2026, 12:40 a.m. | 25 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-20742 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-20742
Published : Feb. 27, 2026, 12:42 a.m. | 24 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-20742
Published : Feb. 27, 2026, 12:42 a.m. | 24 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24517 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-24517
Published : Feb. 27, 2026, 12:43 a.m. | 22 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24517
Published : Feb. 27, 2026, 12:43 a.m. | 22 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25195 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25195
Published : Feb. 27, 2026, 12:45 a.m. | 21 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25195
Published : Feb. 27, 2026, 12:45 a.m. | 21 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-20910 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-20910
Published : Feb. 27, 2026, 12:46 a.m. | 19 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-20910
Published : Feb. 27, 2026, 12:46 a.m. | 19 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24689 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-24689
Published : Feb. 27, 2026, 12:47 a.m. | 18 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24689
Published : Feb. 27, 2026, 12:47 a.m. | 18 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25109 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25109
Published : Feb. 27, 2026, 12:48 a.m. | 17 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25109
Published : Feb. 27, 2026, 12:48 a.m. | 17 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-20902 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-20902
Published : Feb. 27, 2026, 12:49 a.m. | 16 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-20902
Published : Feb. 27, 2026, 12:49 a.m. | 16 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24695 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-24695
Published : Feb. 27, 2026, 12:51 a.m. | 15 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24695
Published : Feb. 27, 2026, 12:51 a.m. | 15 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22877 - Copeland XWEB and XWEB Pro Path Traversal
CVE ID : CVE-2026-22877
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22877
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23702 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-23702
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23702
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24452 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-24452
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24452
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24497 - SimTech Systems, Inc. ThinkWise Stack-based Buffer Overflow Remote Code Inclusion
CVE ID : CVE-2026-24497
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : Stack-based Buffer Overflow vulnerability in SimTech Systems, Inc. ThinkWise allows Remote Code Inclusion.This issue affects ThinkWise: from 7 through 23.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24497
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : Stack-based Buffer Overflow vulnerability in SimTech Systems, Inc. ThinkWise allows Remote Code Inclusion.This issue affects ThinkWise: from 7 through 23.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24498 - EFM-Networks, Inc. IpTIME T5008, AX2004M, AX3000Q, AX6000M Authentication Bypass Exposure of Sensitive Information
CVE ID : CVE-2026-24498
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24498
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25037 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25037
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25037
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25105 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25105
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25105
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25196 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25196
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25196
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25721 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-25721
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25721
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3037 - Copeland XWEB and XWEB Pro OS Command Injection
CVE ID : CVE-2026-3037
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3037
Published : Feb. 27, 2026, 2:16 a.m. | 2 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...