Total
4933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27514 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2025-01-16 | 8.8 High |
| OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2025-0457 | 2025-01-16 | 8.8 High | ||
| The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | ||||
| CVE-2023-47709 | 1 Ibm | 1 Security Guardium | 2025-01-14 | 9.1 Critical |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | ||||
| CVE-2023-31128 | 1 Nextcloud | 1 Cookbook | 2025-01-14 | 8.1 High |
| NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar. | ||||
| CVE-2018-13284 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
| CVE-2022-27616 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2021-29083 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.2 High |
| Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | ||||
| CVE-2022-22684 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2023-30253 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-01-14 | 8.8 High |
| Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. | ||||
| CVE-2023-27988 | 1 Zyxel | 6 Nas326, Nas326 Firmware, Nas540 and 3 more | 2025-01-14 | 7.2 High |
| The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely. | ||||
| CVE-2025-20016 | 2025-01-14 | 7.2 High | ||
| OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. A user with an administrative privilege who logged in to the web management page of the affected product may execute an arbitrary OS command. | ||||
| CVE-2025-20055 | 2025-01-14 | 9.8 Critical | ||
| OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command. | ||||
| CVE-2023-26129 | 1 Bwm-ng Project | 1 Bwm-ng | 2025-01-13 | 8.4 High |
| All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2023-26128 | 1 Keep-module-latest Project | 1 Keep-module-latest | 2025-01-13 | 8.4 High |
| All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2023-26127 | 1 N158 Project | 1 N158 | 2025-01-13 | 7.8 High |
| All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-01-13 | 9.8 Critical |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | ||||
| CVE-2022-47616 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2025-01-10 | 7.2 High |
| Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | ||||
| CVE-2024-29185 | 1 Freescout | 1 Freescout | 2025-01-10 | 9.1 Critical |
| FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity to be High. If an attacker gets hold of the `App_Key`, the attacker can compromise the Complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue. | ||||
| CVE-2022-46361 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2025-01-09 | 6.9 Medium |
| An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. | ||||
| CVE-2023-25539 | 2 Dell, Linux | 2 Networker, Linux Kernel | 2025-01-09 | 8.4 High |
| Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | ||||