Total
4934 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6309 | 1 Moses-smt | 1 Mosesdecoder | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135. | ||||
| CVE-2023-6304 | 1 Tecno-mobile | 2 Tr118, Tr118 Firmware | 2024-11-21 | 7.2 High |
| A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6018 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| An attacker can overwrite any file on the server hosting MLflow without any authentication. | ||||
| CVE-2023-5684 | 1 Byzoro | 2 Smart S85f, Smart S85f Firmware | 2024-11-21 | 4.7 Medium |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5683 | 1 Byzoro | 2 Smart S85f, Smart S85f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5494 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5372 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-11-21 | 7.2 High |
| The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface. | ||||
| CVE-2023-5301 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.7 Medium |
| A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940. | ||||
| CVE-2023-5037 | 1 Hanwhavision | 366 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 363 more | 2024-11-21 | 7.2 High |
| badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2023-52314 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 9.6 Critical |
| PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | ||||
| CVE-2023-51100 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . | ||||
| CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | ||||
| CVE-2023-51098 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | ||||
| CVE-2023-51094 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | ||||
| CVE-2023-51035 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | ||||
| CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | ||||
| CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | ||||
| CVE-2023-50993 | 1 Ruijie | 4 Rg-ws6008, Rg-ws6008 Firmware, Rg-ws6108 and 1 more | 2024-11-21 | 9.8 Critical |
| Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. | ||||
| CVE-2023-50466 | 1 Weintek | 2 Cmt2078x, Cmt2078x Firmware | 2024-11-21 | 8.8 High |
| An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter. | ||||
| CVE-2023-50445 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2024-11-21 | 7.8 High |
| Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | ||||