Total
4887 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42999 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | 7.5 High |
| D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | ||||
| CVE-2022-42055 | 1 Gl-inet | 1 Goodcloud | 2025-05-07 | 6.5 Medium |
| Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | ||||
| CVE-2022-29851 | 1 Open-xchange | 1 Ox App Suite | 2025-05-07 | 9.8 Critical |
| documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | ||||
| CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | ||||
| CVE-2024-0170 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | ||||
| CVE-2024-0167 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges. | ||||
| CVE-2024-0165 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | ||||
| CVE-2022-40741 | 1 Softnext | 1 Mail Sqr Expert | 2025-05-06 | 9.8 Critical |
| Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. | ||||
| CVE-2018-18600 | 1 Guardzilla | 4 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 1 more | 2025-05-06 | 8.1 High |
| The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | ||||
| CVE-2024-49380 | 1 Plenti | 2 Plenti, Plentico | 2025-05-06 | 7.5 High |
| Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability. | ||||
| CVE-2018-6342 | 2 Facebook, Microsoft | 2 React-dev-utils, Windows | 2025-05-06 | 9.8 Critical |
| react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2. | ||||
| CVE-2017-14429 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-05-06 | 9.8 Critical |
| The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | ||||
| CVE-2023-27076 | 1 Tenda | 2 G103, G103 Firmware | 2025-05-05 | 9.8 Critical |
| Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter. | ||||
| CVE-2024-38882 | 1 Horizoncloud | 1 Caterease | 2025-05-05 | 9.8 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. | ||||
| CVE-2022-35717 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | 7.8 High |
| "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361. | ||||
| CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | 5.4 Medium |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." | ||||
| CVE-2022-37901 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2022-37899 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2022-37898 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2022-37897 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | 9.8 Critical |
| There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||