Total: 5311 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37924 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | N/A | 7.2 HIGH |
|
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
|
|||||
| CVE-2022-24441 | 1 Snyk | 3 Snyk Cli, Snyk Language Server, Snyk Security | 2025-04-24 | N/A | 5.8 MEDIUM |
|
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would lik ...
|
|||||
| CVE-2025-30289 | 1 Adobe | 1 Coldfusion | 2025-04-24 | N/A | 8.2 HIGH |
|
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application ...
|
|||||
| CVE-2022-44930 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
|
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
|
|||||
| CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
|
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
|
|||||
| CVE-2022-42496 | 1 Kujirahand | 1 Nadesiko3 | 2025-04-24 | N/A | 9.8 CRITICAL |
|
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.
|
|||||
| CVE-2022-41642 | 1 Kujirahand | 1 Nadesiko3 | 2025-04-24 | N/A | 9.8 CRITICAL |
|
OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.
|
|||||
| CVE-2022-43548 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2025-04-24 | N/A | 8.1 HIGH |
|
An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
|
|||||
| CVE-2025-25067 | 1 Myscada | 1 Mypro | 2025-04-23 | N/A | 9.8 CRITICAL |
|
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
|
|||||
| CVE-2022-45915 | 1 Ilias | 1 Ilias | 2025-04-23 | N/A | 8.8 HIGH |
|
ILIAS before 7.16 allows OS Command Injection.
|
|||||
| CVE-2023-34127 | 1 Sonicwall | 2 Analytics, Global Management System | 2025-04-23 | N/A | 8.8 HIGH |
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
|
|||||
| CVE-2022-45026 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2025-04-23 | N/A | 9.8 CRITICAL |
|
An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process.
|
|||||
| CVE-2022-45025 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2025-04-23 | N/A | 9.8 CRITICAL |
|
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.
|
|||||
| CVE-2022-45506 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 9.8 CRITICAL |
|
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
|
|||||
| CVE-2022-45497 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 9.8 CRITICAL |
|
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
|
|||||
| CVE-2022-43464 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | N/A | 8.8 HIGH |
|
Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
|
|||||
| CVE-2020-6627 | 1 Seagate | 6 Stcg2000300, Stcg2000300 Firmware, Stcg3000300 and 3 more | 2025-04-23 | N/A | 9.8 CRITICAL |
|
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
|
|||||
| CVE-2022-45145 | 1 Call-cc | 1 Chicken | 2025-04-23 | N/A | 9.8 CRITICAL |
|
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
|
|||||
| CVE-2022-44606 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | N/A | 8.8 HIGH |
|
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
|
|||||
| CVE-2022-25912 | 1 Simple-git Project | 1 Simple-git | 2025-04-22 | N/A | 8.1 HIGH |
|
The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via the clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
|
|||||
| CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
|
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
|
|||||
| CVE-2022-45996 | 1 Tenda | 2 W15e, W20e Firmware | 2025-04-22 | N/A | 7.2 HIGH |
|
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
|
|||||
| CVE-2022-45977 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
|
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
|
|||||
| CVE-2024-50993 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-24431 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
|
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
|
|||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 7.2 HIGH |
|
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.
|
|||||
| CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
|
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.
|
|||||
| CVE-2024-57542 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
|
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn.
|
|||||
| CVE-2022-45005 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
|
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.
|
|||||
| CVE-2025-30286 | 1 Adobe | 1 Coldfusion | 2025-04-21 | N/A | 8.4 HIGH |
|
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.
|
|||||
| CVE-2022-46634 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-21 | N/A | 9.8 CRITICAL |
|
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
|
|||||
| CVE-2022-46631 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-21 | N/A | 9.8 CRITICAL |
|
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
|
|||||
| CVE-2017-2112 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
|
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2017-14135 | 1 Dreambox | 1 Opendreambox | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
|
|||||
| CVE-2017-6602 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-20 | 3.6 LOW | 4.4 MEDIUM |
|
A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138).
|
|||||
| CVE-2017-15103 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
|
|||||
| CVE-2017-2152 | 1 Buffalo Inc | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 5.2 MEDIUM | 6.8 MEDIUM |
|
WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2017-1253 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 6.5 MEDIUM | 9.9 CRITICAL |
|
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
|
|||||
| CVE-2017-2890 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2016-0634 | 1 Gnu | 1 Bash | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
|
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
|
|||||