Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48633 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48634 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48635 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48637 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48636 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2024-48638 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request.
|
|||||
| CVE-2022-37915 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
|
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machi ...
Show More |
|||||
| CVE-2024-51023 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-07 | N/A | 8.8 HIGH |
|
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51024 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-07 | N/A | 8.0 HIGH |
|
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2022-44019 | 1 Totaljs | 1 Total.js | 2025-05-07 | N/A | 8.8 HIGH |
|
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
|
|||||
| CVE-2022-42999 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 7.5 HIGH |
|
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
|
|||||
| CVE-2022-42055 | 1 Gl-inet | 1 Goodcloud | 2025-05-07 | N/A | 6.5 MEDIUM |
|
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
|
|||||
| CVE-2022-29851 | 1 Open-xchange | 1 Ox App Suite | 2025-05-07 | N/A | 9.8 CRITICAL |
|
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.
|
|||||
| CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | N/A | 7.8 HIGH |
|
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.
|
|||||
| CVE-2018-18600 | 1 Guardzilla | 4 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 1 more | 2025-05-06 | 9.3 HIGH | 8.1 HIGH |
|
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
|
|||||
| CVE-2024-49380 | 1 Plenti | 1 Plenti | 2025-05-06 | N/A | 7.5 HIGH |
|
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
|
|||||
| CVE-2018-6342 | 2 Facebook, Microsoft | 2 React-dev-utils, Windows | 2025-05-06 | 10.0 HIGH | 9.8 CRITICAL |
|
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to ...
Show More |
|||||
| CVE-2017-14429 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-05-06 | 10.0 HIGH | 9.8 CRITICAL |
|
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
|
|||||
| CVE-2023-27076 | 1 Tenda | 2 G103, G103 Firmware | 2025-05-05 | N/A | 9.8 CRITICAL |
|
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.
|
|||||
| CVE-2022-35717 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | N/A | 7.8 HIGH |
|
"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.
|
|||||
| CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | N/A | 5.4 MEDIUM |
|
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592."
|
|||||
| CVE-2022-37901 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2022-37899 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2022-37898 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2022-37897 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | N/A | 9.8 CRITICAL |
|
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-25893 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
|
|||||
| CVE-2025-25894 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
|
|||||
| CVE-2025-25895 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
|
|||||
| CVE-2024-52018 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51008 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2025-28219 | 1 Netgear | 2 Dc112a, Dc112a Firmware | 2025-05-02 | N/A | 9.8 CRITICAL |
|
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.
|
|||||
| CVE-2024-52021 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-52020 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-52019 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51009 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51005 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2022-37912 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2022-37902 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-24351 | 2025-05-02 | N/A | 8.8 HIGH | ||
|
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
|
|||||
| CVE-2025-29041 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-05-01 | N/A | 9.8 CRITICAL |
|
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c
|
|||||