Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36604 | 1 Tenda | 2 O3, O3 Firmware | 2024-12-13 | N/A | 9.8 CRITICAL |
| Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2024-29404 | 2024-12-13 | N/A | 7.8 HIGH | ||
| An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. | |||||
| CVE-2023-28365 | 2 Linux, Ui | 2 Linux Kernel, Unifi Network Application | 2024-12-12 | N/A | 9.1 CRITICAL |
| A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | |||||
| CVE-2024-12350 | 1 Jwillber | 1 Jfinalcms | 2024-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12358 | 1 Datax-web Project | 1 Datax-web | 2024-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-55547 | 2024-12-10 | N/A | N/A | ||
| SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e. | |||||
| CVE-2024-55544 | 2024-12-10 | N/A | N/A | ||
| Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | |||||
| CVE-2024-22122 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 3.0 LOW |
| Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. | |||||
| CVE-2024-53919 | 2024-12-10 | N/A | 7.6 HIGH | ||
| An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root. | |||||
| CVE-2024-50388 | 2024-12-06 | N/A | N/A | ||
| An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later | |||||
| CVE-2024-51114 | 2024-12-05 | N/A | 8.8 HIGH | ||
| An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file | |||||
| CVE-2024-21322 | 1 Microsoft | 1 Defender For Iot | 2024-12-05 | N/A | 7.2 HIGH |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2024-11665 | 1 Echarge | 2 Salia Plcc, Salia Plcc Firmware | 2024-12-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4. | |||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-29 | N/A | 10.0 CRITICAL |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2024-3273 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-11-29 | 7.5 HIGH | 7.3 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-11013 | 2024-11-29 | N/A | 7.2 HIGH | ||
| Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface. | |||||
| CVE-2024-9076 | 1 Dedecms | 1 Dedecms | 2024-11-28 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-37782 | 2024-11-27 | N/A | 9.8 CRITICAL | ||
| An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field. | |||||
| CVE-2024-33439 | 2024-11-27 | N/A | 9.1 CRITICAL | ||
| An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. | |||||
| CVE-2024-29292 | 2024-11-27 | N/A | 9.1 CRITICAL | ||
| Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. | |||||