Total: 4964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0680 | | | 2025-01-30 | 9.8 Critical |
| Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. | ||||
| CVE-2023-29778 | 1 Gl-inet | 2 Gl-mt3000, Gl-mt3000 Firmware | 2025-01-30 | 9.8 Critical |
| GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | ||||
| CVE-2023-30854 | 1 Wwbn | 1 Avideo | 2025-01-30 | 8.8 High |
| AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4. | ||||
| CVE-2023-22919 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2025-01-30 | 8.8 High |
| The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | ||||
| CVE-2023-2479 | 1 Appium | 1 Appium-desktop | 2025-01-30 | 9.8 Critical |
| OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | ||||
| CVE-2024-2662 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-01-30 | 7.2 High |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server. | ||||
| CVE-2024-49803 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.8 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||||
| CVE-2023-29944 | 1 Metersphere | 1 Metersphere | 2025-01-29 | 9.8 Critical |
| Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench. | ||||
| CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | ||||
| CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | ||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | ||||
| CVE-2023-24958 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more | 2025-01-29 | 8.8 High |
| A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. | ||||
| CVE-2023-2564 | 1 Scanservjs Project | 1 Scanservjs | 2025-01-29 | 10 Critical |
| OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | ||||
| CVE-2023-27407 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-01-28 | 9.9 Critical |
| A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | ||||
| CVE-2024-22065 | 1 Zte | 3 Mf258 Pro Firmware, Mf258k Pro, Mf258k Pro Firmware | 2025-01-28 | 6.8 Medium |
| There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2023-32568 | 1 Veritas | 1 Infoscale Operations Manager | 2025-01-28 | 7.2 High |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | ||||
| CVE-2024-25955 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | 7.2 High |
| Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2024-3880 | 1 Tenda | 2 W30e, W30e Firmware | 2025-01-27 | 6.3 Medium |
| A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-29841 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-01-24 | 8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119. | ||||
| CVE-2020-13378 | 1 Loadbalancer | 1 Enterprise Va Max | 2025-01-24 | 8.8 High |
| Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. | ||||