Total: 5311 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-29805 | 1 Iodata | 4 Wfs-sr03k, Wfs-sr03k Firmware, Wfs-sr03w and 1 more | 2025-02-06 | N/A | 9.8 CRITICAL | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. |
| CVE-2023-29804 | 1 Iodata | 4 Wfs-sr03k, Wfs-sr03k Firmware, Wfs-sr03w and 1 more | 2025-02-06 | N/A | 8.8 HIGH | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. |
| CVE-2022-38841 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-02-06 | N/A | 8.8 HIGH | Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. |
| CVE-2023-6260 | 1 Brivo | 4 Acs100, Acs100 Firmware, Acs300 and 1 more | 2025-02-05 | N/A | 9.0 CRITICAL | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security. This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3. |
| CVE-2023-25759 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 5.4 MEDIUM | OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. |
| CVE-2025-24971 | | | 2025-02-04 | N/A | N/A | DumbDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when **Apprise Notification** is enabled. This issue has been addressed in commit `4ff8469d` and all users are advised to patch. There are no known workarounds for this vulnerability. |
| CVE-2024-48008 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 5.3 MEDIUM | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure and allowing unintended actions such as reading files that may contain sensitive information. |
| CVE-2024-22461 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 8.8 HIGH | Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low-privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to root-level access and complete compromise of the system. |
| CVE-2024-23690 | | | 2025-02-04 | N/A | 7.2 HIGH | The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. |
| CVE-2024-48890 | 1 Fortinet | 1 Fortisoar Imap Connector | 2025-02-03 | N/A | 6.6 MEDIUM | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook. |
| CVE-2024-0740 | 1 Eclipse | 1 Target Management | 2025-02-03 | N/A | 9.8 CRITICAL | Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03. |
| CVE-2024-56497 | 1 Fortinet | 2 Fortimail, Fortirecorder | 2025-02-03 | N/A | 6.7 MEDIUM | An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows an attacker to execute unauthorized code or commands via the CLI. |
| CVE-2024-25626 | 1 Linuxfoundation | 1 Yocto | 2025-02-03 | N/A | 8.8 HIGH | Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Project's BitBake before 2.6.2 (before and including Yocto Project 4.3.1), with the Toaster server (included in BitBake) running, missing input validation allows an attacker to perform remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically ru ... |
| CVE-2023-25313 | 1 Wwbn | 1 Avideo | 2025-02-03 | N/A | 9.8 CRITICAL | OS command injection vulnerability in World Wide Broadcast Network AVideo versions before 12.4 allows attackers to execute arbitrary code via the video link field of the Embed a video link feature. |
| CVE-2023-33617 | 1 Eparks | 2 Fiberlink 210, Fiberlink 210 Firmware | 2025-01-31 | N/A | 7.2 HIGH | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. |
| CVE-2023-37937 | 1 Fortinet | 1 Fortiswitch | 2025-01-31 | N/A | 7.8 HIGH | An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via the FortiSwitch CLI. |
| CVE-2024-26012 | 1 Fortinet | 3 Fortiap, Fortiap-s, Fortiap-w2 | 2025-01-31 | N/A | 6.7 MEDIUM | An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiAP-S 6.2 all versions, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allows a local authenticated attacker to execute unauthorized code via the CLI. |
| CVE-2024-40587 | 1 Fortinet | 1 Fortivoice | 2025-01-31 | N/A | 6.7 MEDIUM | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. |
| CVE-2023-27521 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2025-01-31 | N/A | 8.8 HIGH | OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. |
| CVE-2025-0680 | | | 2025-01-30 | N/A | 9.8 CRITICAL | Affected products contain a vulnerability in the device cloud RPC command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. |
| CVE-2023-29778 | 1 Gl-inet | 2 Gl-mt3000, Gl-mt3000 Firmware | 2025-01-30 | N/A | 9.8 CRITICAL | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. |
| CVE-2024-2662 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-01-30 | N/A | 7.2 HIGH | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server. |
| CVE-2024-49803 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | N/A | 9.8 CRITICAL | IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. |
| CVE-2025-20061 | | | 2025-01-29 | N/A | 9.8 CRITICAL | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. |
| CVE-2025-20014 | | | 2025-01-29 | N/A | 9.8 CRITICAL | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. |
| CVE-2023-29944 | 1 Metersphere | 1 Metersphere | 2025-01-29 | N/A | 9.8 CRITICAL | MeterSphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. A reverse-shell system command can be executed via the custom code snippet function of the MeterSphere system workbench. |
| CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | N/A | 9.8 CRITICAL | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. |
| CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | N/A | 9.8 CRITICAL | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. |
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | N/A | 9.8 CRITICAL | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. |
| CVE-2023-24958 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more | 2025-01-29 | N/A | 8.8 HIGH | A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. |
| CVE-2025-24480 | | | 2025-01-28 | N/A | N/A | A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitization and could allow a remote attacker to run commands or code as a high privileged user. |
| CVE-2024-22065 | 1 Zte | 2 Mf258k Pro, Mf258k Pro Firmware | 2025-01-28 | N/A | 6.8 MEDIUM | There is a command injection vulnerability in the ZTE MF258 Pro product. Due to insufficient validation of a Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. |
| CVE-2023-32568 | 1 Veritas | 1 Infoscale Operations Manager | 2025-01-28 | N/A | 7.2 HIGH | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. |
| CVE-2024-25946 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | N/A | 7.2 HIGH | Dell vApp Manager, versions prior to 9.2.4.9, contains a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability, leading to execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. |
| CVE-2024-25955 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | N/A | 7.2 HIGH | Dell vApp Manager, versions prior to 9.2.4.9, contains a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability, leading to execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. |
| CVE-2024-3880 | 1 Tenda | 2 W30e, W30e Firmware | 2025-01-27 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-57595 | | | 2025-01-27 | N/A | 9.8 CRITICAL | D-Link DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGI interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. |
| CVE-2020-13378 | 1 Loadbalancer | 1 Enterprise Va Max | 2025-01-24 | N/A | 8.8 HIGH | Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. |
| CVE-2024-26260 | 1 Hgiga | 4 Oaklouds-organization-2.0, Oaklouds-organization-3.0, Oaklouds-webbase-2.0 and 1 more | 2025-01-23 | N/A | 9.8 CRITICAL | The synchronization functionality in certain HGiga OAKlouds modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. |
| CVE-2024-21782 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-01-23 | N/A | 6.7 MEDIUM | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
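Several entries above are the same defect in the same place: a network-diagnostics handler (the Linksys E8450 traceroute page, the TOTOLINK X5000R setTracerouteCfg "command" parameter, the ZTE MF258 Pro Ping Diagnosis parameter, the Parks Fiberlink formPing target_addr parameter) splices a user-supplied host into a shell command line. The C program below is an added example, not code from any vendor or CVE listed on this page; the function names `build_ping_cmd_vulnerable`, `is_valid_target`, `build_ping_argv` and `run_ping_safe` are hypothetical, and the sample inputs are constructed. It places the vulnerable string-splicing construction beside an allow-list validator and an argv/execvp launcher that never involves a shell, which is the general fix for every ping/traceroute/nslookup-style handler, not only the ping case shown.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (hypothetical, modelled on the diagnostics handlers
 * above): the request parameter is pasted into a command line that will be
 * handed to system()/popen().  "192.0.2.1; id" becomes
 * "ping -c 4 192.0.2.1; id" and the spawned shell runs both commands.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_ping_cmd_vulnerable(char *out, size_t outlen, const char *target)
{
    int n = snprintf(out, outlen, "ping -c 4 %s", target);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allow-list validation: only characters that can occur in a hostname or an
 * IPv4/IPv6 literal, and no leading '-' (ping would read "-c 100000" as an
 * option, an argument injection that an argv vector alone does not stop).
 * Every shell metacharacter is rejected before any process is spawned.
 * Returns 1 if acceptable, 0 otherwise. */
int is_valid_target(const char *target)
{
    size_t len = strlen(target);
    if (len == 0 || len > 253 || target[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)target[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Hardened construction: a NULL-terminated argv vector for execvp().  With
 * no shell in the path the target is exactly one literal argument, so a
 * payload such as "192.0.2.1; id" cannot become a second command (and the
 * validator refuses it anyway).  Returns argc, or -1 if the target is
 * rejected or argv_cap is too small. */
int build_ping_argv(const char *target, const char *argv[], size_t argv_cap)
{
    if (argv_cap < 5 || !is_valid_target(target))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "4";
    argv[3] = target;
    argv[4] = NULL;
    return 4;
}

/* fork() + execvp(), never system() or popen().  Returns the child's exit
 * status, or -1 if the target was rejected or the spawn failed. */
int run_ping_safe(const char *target)
{
    const char *argv[5];
    if (build_ping_argv(target, argv, 5) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127); /* exec failed in the child */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs: a benign host and an injected command. */
    const char *benign = "192.0.2.1";
    const char *payload = "192.0.2.1; id";
    char cmd[256];

    build_ping_cmd_vulnerable(cmd, sizeof cmd, payload);
    printf("vulnerable command line  : %s\n", cmd);
    printf("validator accepts benign : %d\n", is_valid_target(benign));
    printf("validator accepts payload: %d\n", is_valid_target(payload));
    return 0;
}
```

The validator is an allow-list, not a metacharacter blacklist: blacklists of `;`, `|`, `&`, backticks and `$(` are the usual first "fix" in firmware and are routinely bypassed with newlines, `${IFS}` or encoding tricks, whereas a character class that admits only hostname and address characters leaves nothing for the shell to interpret. The argv form is the second, independent layer: even if a future change loosens the validator, `execvp` passes the target as one argument and no shell is there to split it. Handlers that legitimately need options (packet count, interface) should take them as separate, individually validated parameters rather than as free text.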