Total
4216 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51024 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2022-44019 | 1 Totaljs | 1 Total.js | 2025-05-07 | N/A | 8.8 HIGH |
| In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | |||||
| CVE-2022-42999 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-07 | N/A | 7.5 HIGH |
| D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. | |||||
| CVE-2022-42055 | 1 Gl-inet | 1 Goodcloud | 2025-05-07 | N/A | 6.5 MEDIUM |
| Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | |||||
| CVE-2022-29851 | 1 Open-xchange | 1 Ox App Suite | 2025-05-07 | N/A | 9.8 CRITICAL |
| documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | |||||
| CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | |||||
| CVE-2018-18600 | 1 Guardzilla | 4 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 1 more | 2025-05-06 | 9.3 HIGH | 8.1 HIGH |
| The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. | |||||
| CVE-2024-49380 | 1 Plenti | 1 Plenti | 2025-05-06 | N/A | 7.5 HIGH |
| Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability. | |||||
| CVE-2018-6342 | 2 Facebook, Microsoft | 2 React-dev-utils, Windows | 2025-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2. | |||||
| CVE-2017-14429 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | |||||
| CVE-2022-2068 | 6 Broadcom, Debian, Fedoraproject and 3 more | 43 Sannav, Debian Linux, Fedora and 40 more | 2025-05-05 | 10.0 HIGH | 9.8 CRITICAL |
| In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | |||||
| CVE-2022-1292 | 5 Debian, Fedoraproject, Netapp and 2 more | 51 Debian Linux, Fedora, A250 and 48 more | 2025-05-05 | 10.0 HIGH | 9.8 CRITICAL |
| The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | |||||
| CVE-2023-27076 | 1 Tenda | 2 G103, G103 Firmware | 2025-05-05 | N/A | 9.8 CRITICAL |
| Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter. | |||||
| CVE-2024-38882 | 1 Horizoncloud | 1 Caterease | 2025-05-05 | N/A | 9.8 CRITICAL |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. | |||||
| CVE-2022-35717 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | N/A | 7.8 HIGH |
| "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361. | |||||
| CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | N/A | 5.4 MEDIUM |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." | |||||
| CVE-2022-37901 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37899 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37898 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37897 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||