Total
4917 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17405 | 3 Debian, Redhat, Ruby-lang | 13 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2025-04-20 | N/A |
| Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. | ||||
| CVE-2017-15049 | 1 Zoom | 1 Zoom | 2025-04-20 | 8.8 High |
| The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | ||||
| CVE-2017-6682 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | N/A |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | ||||
| CVE-2015-3431 | 1 Pydio | 1 Pydio | 2025-04-20 | N/A |
| Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | ||||
| CVE-2017-6398 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | N/A |
| An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it. | ||||
| CVE-2022-48684 | 1 Logpoint | 2 Logpoint, Siem | 2025-04-18 | 8.4 High |
| An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user. | ||||
| CVE-2023-50651 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-04-17 | 9.8 Critical |
| TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | ||||
| CVE-2023-50094 | 1 Yogeshojha | 1 Rengine | 2025-04-17 | 8.8 High |
| reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. | ||||
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-04-17 | 7.8 High |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | ||||
| CVE-2022-24377 | 1 Cycle-import-check Project | 1 Cycle-import-check | 2025-04-17 | 7.4 High |
| The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. | ||||
| CVE-2023-52310 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-17 | 9.6 Critical |
| PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | ||||
| CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2025-04-17 | 8.8 High |
| The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | ||||
| CVE-2023-41288 | 1 Qnap | 1 Video Station | 2025-04-17 | 8.8 High |
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later | ||||
| CVE-2024-0296 | 1 Totolink | 2 N200re, N200re Firmware | 2025-04-17 | 7.3 High |
| A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-44456 | 1 Contec | 1 Conprosys Hmi System | 2025-04-17 | 9.8 Critical |
| CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | ||||
| CVE-2022-43466 | 1 Buffalo | 20 Wex-1800ax4, Wex-1800ax4 Firmware, Wex-1800ax4ea and 17 more | 2025-04-17 | 6.8 Medium |
| OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | ||||
| CVE-2022-43443 | 1 Buffalo | 22 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-2533dhp and 19 more | 2025-04-17 | 8 High |
| OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | ||||
| CVE-2022-45942 | 1 Baijiacms Project | 1 Baijiacms | 2025-04-17 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | ||||
| CVE-2022-40624 | 1 Pfsense | 1 Pfblockerng | 2025-04-17 | 9.8 Critical |
| pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | ||||
| CVE-2022-46538 | 1 Tenda | 2 F1203, F1203 Firmware | 2025-04-16 | 9.8 Critical |
| Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | ||||