Total
3060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26297 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
|
|||||
| CVE-2024-26298 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
|
|||||
| CVE-2024-26294 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
|
|||||
| CVE-2025-25274 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 4.3 MEDIUM |
|
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.
|
|||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2025-03-27 | N/A | 7.4 HIGH |
|
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
|
|||||
| CVE-2024-27818 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-26 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-24146 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.
|
|||||
| CVE-2023-24145 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.
|
|||||
| CVE-2023-24144 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.
|
|||||
| CVE-2023-24143 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
|
|||||
| CVE-2023-24142 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.
|
|||||
| CVE-2023-24141 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.
|
|||||
| CVE-2023-24140 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.
|
|||||
| CVE-2023-24139 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.
|
|||||
| CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
|
|||||
| CVE-2023-24154 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
|
|||||
| CVE-2023-24153 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
|
|||||
| CVE-2023-24152 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
|
|||||
| CVE-2023-24151 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
|
|||||
| CVE-2023-24150 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
|
|||||
| CVE-2021-31575 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
|
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
|
|||||
| CVE-2023-24157 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
|
|||||
| CVE-2023-24156 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
|
|||||
| CVE-2023-24148 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.
|
|||||
| CVE-2021-31574 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
|
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
|
|||||
| CVE-2021-31573 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
|
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
|
|||||
| CVE-2023-24138 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
|
|||||
| CVE-2023-24276 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
|
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.
|
|||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | N/A | 7.4 HIGH |
|
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
|
|||||
| CVE-2023-24330 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.
|
|||||
| CVE-2023-24331 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
|
Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.
|
|||||
| CVE-2024-57685 | 1 Sparkshop | 1 Sparkshop | 2025-03-25 | N/A | 5.3 MEDIUM |
|
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.
|
|||||
| CVE-2024-24301 | 1 4ipnet | 2 Eap-767, Eap-767 Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.
|
|||||
| CVE-2022-43550 | 2 Jitsi, Microsoft | 2 Jitsi, Windows | 2025-03-25 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.
|
|||||
| CVE-2024-1355 | 1 Github | 1 Enterprise Server | 2025-03-24 | N/A | 9.1 CRITICAL |
|
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and wa ...
Show More |
|||||
| CVE-2023-0127 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2025-03-24 | N/A | 7.8 HIGH |
|
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
|
|||||
| CVE-2023-0789 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | N/A | 8.1 HIGH |
|
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
|
|||||
| CVE-2022-40022 | 1 Microchip | 2 Syncserver S650, Syncserver S650 Firmware | 2025-03-21 | N/A | 9.8 CRITICAL |
|
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
|
|||||
| CVE-2023-24161 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
|
|||||
| CVE-2023-24160 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL |
|
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
|
|||||