Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0798 | 2025-01-29 | 7.6 HIGH | 8.1 HIGH | ||
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-22788 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-01-28 | N/A | 7.2 HIGH |
| Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2024-57590 | 2025-01-28 | N/A | 9.8 CRITICAL | ||
| TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. | |||||
| CVE-2024-48419 | 2025-01-28 | N/A | 8.8 HIGH | ||
| Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges. | |||||
| CVE-2023-31742 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-01-28 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2023-30353 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | |||||
| CVE-2024-25946 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-25955 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-31473 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-27 | N/A | 4.9 MEDIUM |
| An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | |||||
| CVE-2023-31531 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | N/A | 8.8 HIGH |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | |||||
| CVE-2023-31530 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | N/A | 8.8 HIGH |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. | |||||
| CVE-2023-31529 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | N/A | 8.8 HIGH |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. | |||||
| CVE-2023-31528 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | N/A | 8.8 HIGH |
| Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. | |||||
| CVE-2023-24540 | 1 Golang | 1 Go | 2025-01-24 | N/A | 9.8 CRITICAL |
| Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | |||||
| CVE-2023-31985 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | |||||
| CVE-2023-31983 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | |||||
| CVE-2023-2682 | 1 Catontechnology | 1 Caton Live | 2025-01-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-28136 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 7.8 HIGH |
| A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. | |||||
| CVE-2024-28135 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 5.0 MEDIUM |
| A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. | |||||
| CVE-2024-25998 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 7.3 HIGH |
| An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | |||||