Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23119 | 2025-03-04 | N/A | 7.5 HIGH | ||
| An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network. | |||||
| CVE-2025-24861 | 1 Outbackpower | 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware | 2025-03-04 | N/A | 7.5 HIGH |
| An attacker may inject commands via specially-crafted post requests. | |||||
| CVE-2025-1947 | 2025-03-04 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1946 | 2025-03-04 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1845 | 2025-03-03 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27423 | 2025-03-03 | N/A | 7.1 HIGH | ||
| Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164 | |||||
| CVE-2025-1819 | 2025-03-02 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5355 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267. | |||||
| CVE-2022-4009 | 1 Octopus | 1 Octopus Server | 2025-02-26 | N/A | 8.8 HIGH |
| In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | |||||
| CVE-2025-20117 | 2025-02-26 | N/A | 5.1 MEDIUM | ||
| A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. | |||||
| CVE-2023-1168 | 1 Hpe | 20 Aruba Cx 10000-48y6, Aruba Cx 6200f 48g, Aruba Cx 6200m 24g and 17 more | 2025-02-26 | N/A | 7.2 HIGH |
| An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. | |||||
| CVE-2024-30220 | 2025-02-26 | N/A | 8.8 HIGH | ||
| Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided. | |||||
| CVE-2024-57608 | 2025-02-25 | N/A | 6.5 MEDIUM | ||
| An issue in Via Browser 6.1.0 allows a a remote attacker to execute arbitrary code via the mark.via.Shell component. | |||||
| CVE-2023-27224 | 1 Jc21 | 1 Nginx Proxy Manager | 2025-02-25 | N/A | 9.8 CRITICAL |
| An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. | |||||
| CVE-2023-27079 | 1 Tenda | 2 G103, G103 Firmware | 2025-02-25 | N/A | 7.5 HIGH |
| Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package | |||||
| CVE-2023-27078 | 1 Tp-link | 2 Tl-mr3020, Tl-mr3020 Firmware | 2025-02-25 | N/A | 9.8 CRITICAL |
| A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | |||||
| CVE-2023-28677 | 1 Jenkins | 1 Convert To Pipeline | 2025-02-25 | N/A | 9.8 CRITICAL |
| Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin. | |||||
| CVE-2023-27135 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-02-25 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. | |||||
| CVE-2025-1676 | 2025-02-25 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-1498 | 1 Cisco | 8 Hyperflex Hx220c Af M5, Hyperflex Hx220c All Nvme M5, Hyperflex Hx220c Edge M5 and 5 more | 2025-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||