Total
2538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9118 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |||||
| CVE-2015-2857 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | |||||
| CVE-2017-12277 | 1 Cisco | 6 Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall, Firepower 4140 Next-generation Firewall and 3 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. | |||||
| CVE-2017-8131 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
| CVE-2015-7806 | 1 Form Manager Project | 1 Form Manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-6649 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555. | |||||
| CVE-2017-9980 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | |||||
| CVE-2015-8988 | 1 Mcafee | 1 Epo Deep Command | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. | |||||
| CVE-2017-5675 | 1 Embedthis | 1 Goahead | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. | |||||
| CVE-2025-43012 | 2025-04-17 | N/A | 8.3 HIGH | ||
| In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | |||||
| CVE-2024-56087 | 1 Logpoint | 1 Siem | 2025-04-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | |||||
| CVE-2024-56086 | 1 Logpoint | 1 Siem | 2025-04-17 | N/A | 7.1 HIGH |
| An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution. | |||||
| CVE-2024-56085 | 1 Logpoint | 1 Siem | 2025-04-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | |||||
| CVE-2022-46421 | 1 Apache | 1 Apache-airflow-providers-apache-hive | 2025-04-16 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. | |||||
| CVE-2020-15685 | 1 Mozilla | 1 Thunderbird | 2025-04-16 | N/A | 8.8 HIGH |
| During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |||||
| CVE-2024-57228 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 8.0 HIGH |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||||
| CVE-2024-57227 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 8.0 HIGH |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
| CVE-2024-57226 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 8.0 HIGH |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | |||||
| CVE-2024-57225 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 9.8 CRITICAL |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | |||||
| CVE-2024-57224 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 9.8 CRITICAL |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||