Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54681 | 2025-01-17 | N/A | 3.5 LOW | ||
| Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application. | |||||
| CVE-2023-31996 | 1 Hanwhavision | 236 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 233 more | 2025-01-17 | N/A | 8.8 HIGH |
| Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. | |||||
| CVE-2025-0528 | 2025-01-17 | 8.3 HIGH | 7.2 HIGH | ||
| A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3009 | 1 Tenda | 2 Fh1205, Fh1205 Firmware | 2025-01-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2025-01-15 | N/A | 7.5 HIGH |
| Outlook for Android Information Disclosure Vulnerability | |||||
| CVE-2022-22688 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2017-12075 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.5 MEDIUM | 7.2 HIGH |
| Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | |||||
| CVE-2022-47028 | 1 Actionlauncher | 1 Action Launcher | 2025-01-14 | N/A | 5.5 MEDIUM |
| An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert. | |||||
| CVE-2015-20108 | 1 Onelogin | 1 Ruby-saml | 2025-01-14 | N/A | 9.8 CRITICAL |
| xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | |||||
| CVE-2020-29547 | 1 Citadel | 1 Webcit | 2025-01-14 | N/A | 5.9 MEDIUM |
| An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure. | |||||
| CVE-2024-39367 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-39360 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-37186 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-34166 | 2025-01-14 | N/A | 10.0 CRITICAL | ||
| An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2024-2982 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-01-14 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-39783 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter. | |||||
| CVE-2024-39782 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter. | |||||
| CVE-2024-39781 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter. | |||||
| CVE-2024-39765 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custom_interface` POST parameter. | |||||
| CVE-2024-39764 | 2025-01-14 | N/A | 9.1 CRITICAL | ||
| Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter. | |||||