Total
4933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27778 | 1 Fortinet | 1 Fortisandbox | 2025-01-31 | 8.3 High |
| An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | ||||
| CVE-2024-26012 | 1 Fortinet | 3 Fortiap, Fortiap-s, Fortiap-w2 | 2025-01-31 | 6.3 Medium |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI. | ||||
| CVE-2024-40587 | 1 Fortinet | 1 Fortivoice | 2025-01-31 | 6.3 Medium |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | ||||
| CVE-2023-27521 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2025-01-31 | 8.8 High |
| OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. | ||||
| CVE-2025-0680 | 2025-01-30 | 9.8 Critical | ||
| Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. | ||||
| CVE-2023-29778 | 1 Gl-inet | 2 Gl-mt3000, Gl-mt3000 Firmware | 2025-01-30 | 9.8 Critical |
| GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | ||||
| CVE-2023-30854 | 1 Wwbn | 1 Avideo | 2025-01-30 | 8.8 High |
| AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4. | ||||
| CVE-2023-22919 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2025-01-30 | 8.8 High |
| The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | ||||
| CVE-2023-2479 | 1 Appium | 1 Appium-desktop | 2025-01-30 | 9.8 Critical |
| OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | ||||
| CVE-2024-2662 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-01-30 | 7.2 High |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server. | ||||
| CVE-2024-49803 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.8 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||||
| CVE-2023-29944 | 1 Metersphere | 1 Metersphere | 2025-01-29 | 9.8 Critical |
| Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench | ||||
| CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | ||||
| CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | ||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | ||||
| CVE-2023-24958 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more | 2025-01-29 | 8.8 High |
| A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. | ||||
| CVE-2023-2564 | 1 Scanservjs Project | 1 Scanservjs | 2025-01-29 | 10 Critical |
| OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | ||||
| CVE-2023-27407 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-01-28 | 9.9 Critical |
| A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | ||||
| CVE-2024-22065 | 1 Zte | 3 Mf258 Pro Firmware, Mf258k Pro, Mf258k Pro Firmware | 2025-01-28 | 6.8 Medium |
| There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2023-32568 | 1 Veritas | 1 Infoscale Operations Manager | 2025-01-28 | 7.2 High |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | ||||