Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26627 | 2025-03-11 | N/A | 7.0 HIGH | ||
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24049 | 2025-03-11 | N/A | 8.4 HIGH | ||
| Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | |||||
| CVE-2023-22767 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-22766 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-22747 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-11 | N/A | 9.8 CRITICAL |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-22765 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-22764 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-22763 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-22750 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 9.8 CRITICAL |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-22749 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 9.8 CRITICAL |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2023-22748 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | N/A | 9.8 CRITICAL |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2024-53700 | 2025-03-07 | N/A | N/A | ||
| A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later | |||||
| CVE-2024-53692 | 2025-03-07 | N/A | 4.7 MEDIUM | ||
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |||||
| CVE-2024-36983 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-07 | N/A | 8.0 HIGH |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. | |||||
| CVE-2025-26331 | 2025-03-07 | N/A | 7.8 HIGH | ||
| Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | |||||
| CVE-2023-0093 | 1 Okta | 1 Advanced Server Access | 2025-03-06 | N/A | 8.8 HIGH |
| Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. | |||||
| CVE-2024-13892 | 2025-03-06 | N/A | N/A | ||
| Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly sanitized, what allows for command injection. The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well. | |||||
| CVE-2025-25743 | 1 Dlink | 2 Dir-853, Dir-853 Firmware | 2025-03-05 | N/A | 7.2 HIGH |
| D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. | |||||
| CVE-2025-1800 | 2025-03-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-27146 | 1 Matrix | 1 Matrix Irc Bridge | 2025-03-04 | N/A | 2.7 LOW |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4. | |||||