Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3752 | 1 Xelerance | 1 Openswan | 2025-04-11 | 6.5 MEDIUM | N/A |
|
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
|
|||||
| CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 9.0 HIGH | N/A |
|
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.
|
|||||
| CVE-2013-5486 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
|
|||||
| CVE-2012-3074 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2025-04-11 | 8.3 HIGH | N/A |
|
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
|
|||||
| CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2025-04-11 | 9.3 HIGH | N/A |
|
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
|
|||||
| CVE-2011-0375 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2025-04-11 | 9.0 HIGH | N/A |
|
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
|
|||||
| CVE-2010-4278 | 1 Artica | 1 Pandora Fms | 2025-04-11 | 9.0 HIGH | N/A |
|
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
|
|||||
| CVE-2023-51698 | 1 Mate-desktop | 1 Atril | 2025-04-10 | N/A | 9.6 CRITICAL |
|
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
|
|||||
| CVE-2023-24467 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Command Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0000.
|
|||||
| CVE-2024-3193 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-10 | 10.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-262309 was assigned to this vulnerability.
|
|||||
| CVE-2024-28187 | 1 Saitodev | 1 Soy Cms | 2025-04-10 | N/A | 7.2 HIGH |
|
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised ...
Show More |
|||||
| CVE-2023-47802 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-04-10 | N/A | 7.2 HIGH |
|
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
|
|||||
| CVE-2024-3781 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | N/A | 9.1 CRITICAL |
|
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.
|
|||||
| CVE-2024-39351 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-04-10 | N/A | 7.2 HIGH |
|
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
|
|||||
| CVE-2022-43538 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
|
|||||
| CVE-2022-43537 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
|
|||||
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
|
|||||
| CVE-2024-51251 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
|
|||||
| CVE-2024-51253 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
|
|||||
| CVE-2024-45882 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
|
|||||
| CVE-2024-45884 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
|
|||||
| CVE-2024-45885 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
|
|||||
| CVE-2024-45887 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
|
|||||
| CVE-2024-45888 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
|
|||||
| CVE-2024-45889 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
|
|||||
| CVE-2024-45890 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
|
|||||
| CVE-2024-45891 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
|
|||||
| CVE-2024-45893 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
|
|||||
| CVE-2024-46316 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
|
|||||
| CVE-2023-40504 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.8 CRITICAL |
|
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute c ...
Show More |
|||||
| CVE-2023-40505 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.8 CRITICAL |
|
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the createThumbnailByMovie method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerab ...
Show More |
|||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2025-04-10 | N/A | 7.4 HIGH |
|
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
|
|||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
|
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
|
|||||
| CVE-2024-41585 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-04-10 | N/A | 6.8 MEDIUM |
|
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.
|
|||||
| CVE-2022-44149 | 1 Nexxtsolutions | 2 Amp300, Amp300 Firmware | 2025-04-09 | N/A | 8.8 HIGH |
|
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
|
|||||
| CVE-2025-25053 | 2025-04-09 | N/A | 8.8 HIGH | ||
|
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
|
|||||
| CVE-2025-27797 | 2025-04-09 | N/A | 9.8 CRITICAL | ||
|
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
|
|||||
| CVE-2023-51699 | 1 Linuxfoundation | 1 Fluid | 2025-04-09 | N/A | 4.0 MEDIUM |
|
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users who're using versions ...
Show More |
|||||
| CVE-2024-34205 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 7.3 HIGH |
|
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
|
|||||
| CVE-2024-34210 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 7.3 HIGH |
|
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
|
|||||