Total
4635 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26115 | 1 Fortinet | 1 Fortiwan | 2025-01-21 | N/A | 7.8 HIGH |
| An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. | |||||
| CVE-2023-6398 | 1 Zyxel | 84 Atp100, Atp100 Firmware, Atp100w and 81 more | 2025-01-21 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP. | |||||
| CVE-2023-31756 | 1 Tp-link | 2 Archer Vr1600v, Archer Vr1600v Firmware | 2025-01-21 | N/A | 6.7 MEDIUM |
| A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. | |||||
| CVE-2024-47115 | 1 Ibm | 2 Aix, Vios | 2025-01-21 | N/A | 7.8 HIGH |
| IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | |||||
| CVE-2024-0815 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-19 | N/A | 8.8 HIGH |
| Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 | |||||
| CVE-2024-32118 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-17 | N/A | 6.7 MEDIUM |
| Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | |||||
| CVE-2024-11005 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 9.1 CRITICAL |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-11006 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 9.1 CRITICAL |
| Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2023-28394 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2025-01-17 | N/A | 8.8 HIGH |
| Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. | |||||
| CVE-2023-28392 | 1 Inaba | 8 Ac-wapu-300, Ac-wapu-300-p, Ac-wapu-300-p Firmware and 5 more | 2025-01-17 | N/A | 7.2 HIGH |
| Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow an authenticated user with an administrative privilege to execute an arbitrary OS command. | |||||
| CVE-2023-29169 | 1 Myscada | 1 Mypro | 2025-01-17 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-29150 | 1 Myscada | 1 Mypro | 2025-01-17 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-28716 | 1 Myscada | 1 Mypro | 2025-01-17 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-28400 | 1 Myscada | 1 Mypro | 2025-01-17 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-28384 | 1 Myscada | 1 Mypro | 2025-01-17 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2024-13502 | 2025-01-17 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The `commit_multicast` page used to configure multicasts in the modem's web administration interface uses improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands. | |||||
| CVE-2023-27514 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2025-01-16 | N/A | 8.8 HIGH |
| OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | |||||
| CVE-2025-0457 | 2025-01-16 | N/A | 8.8 HIGH | ||
| The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | |||||
| CVE-2025-0107 | 2025-01-15 | N/A | N/A | ||
| An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software. | |||||
| CVE-2023-47709 | 1 Ibm | 1 Security Guardium | 2025-01-14 | N/A | 9.1 CRITICAL |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | |||||