Total
2590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24540 | 2 Golang, Redhat | 20 Go, Acm, Advanced Cluster Security and 17 more | 2025-01-24 | 9.8 Critical |
| Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | ||||
| CVE-2023-31985 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | 9.8 Critical |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | ||||
| CVE-2023-31983 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | 9.8 Critical |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | ||||
| CVE-2023-2682 | 1 Catontechnology | 1 Caton Live | 2025-01-24 | 6.3 Medium |
| A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28136 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 7.8 High |
| A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. | ||||
| CVE-2024-28135 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 5 Medium |
| A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. | ||||
| CVE-2024-25998 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 7.3 High |
| An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | ||||
| CVE-2025-23052 | 2025-01-23 | 7.2 High | ||
| Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-32073 | 1 Wwbn | 1 Avideo | 2025-01-23 | 8.8 High |
| WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | ||||
| CVE-2023-31986 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-23 | 9.8 Critical |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. | ||||
| CVE-2023-31856 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2025-01-23 | 9.8 Critical |
| A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | ||||
| CVE-2023-2491 | 2 Gnu, Redhat | 5 Emacs, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-01-22 | 7.8 High |
| A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | ||||
| CVE-2023-31701 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2025-01-22 | 8.8 High |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. | ||||
| CVE-2023-31700 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2025-01-22 | 8.8 High |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. | ||||
| CVE-2024-2991 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-01-22 | 6.3 Medium |
| A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-31729 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-01-22 | 9.8 Critical |
| TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | ||||
| CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2025-01-21 | 7.2 High |
| MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | ||||
| CVE-2023-31208 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-01-21 | 8.3 High |
| Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | ||||
| CVE-2023-31741 | 1 Linksys | 2 E2000, E2000 Firmware | 2025-01-21 | 7.2 High |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | ||||
| CVE-2023-31740 | 1 Linksys | 2 E2000, E2000 Firmware | 2025-01-21 | 7.2 High |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | ||||