CVE-2026-5965
9.8 CRITICALNewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS...
Published: 2026-04-21 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-78
Description
NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)
- CVE-2026-42853 — ApostropheCMS is an open-source Node.js content management system (6.5 MEDIUM)
- CVE-2026-48165 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-48163 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-44170 — MariaDB server is a community developed fork of MySQL server