Total
2967 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0127 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2025-03-24 | N/A | 7.8 HIGH |
| A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. | |||||
| CVE-2023-0789 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | N/A | 8.1 HIGH |
| Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2022-40022 | 1 Microchip | 2 Syncserver S650, Syncserver S650 Firmware | 2025-03-21 | N/A | 9.8 CRITICAL |
| Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | |||||
| CVE-2023-24161 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | |||||
| CVE-2023-24160 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | |||||
| CVE-2023-24159 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | |||||
| CVE-2019-1000018 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-03-19 | 4.6 MEDIUM | 7.8 HIGH |
| rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. | |||||
| CVE-2023-40396 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-19 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2024-35518 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-03-19 | N/A | 8.4 HIGH |
| Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. | |||||
| CVE-2024-27981 | 2025-03-18 | N/A | 9.8 CRITICAL | ||
| A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later. | |||||
| CVE-2023-24238 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | |||||
| CVE-2023-24236 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | |||||
| CVE-2022-40021 | 1 Qvidium | 2 Amino A140, Amino A140 Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. | |||||
| CVE-2022-48338 | 1 Gnu | 1 Emacs | 2025-03-18 | N/A | 7.3 HIGH |
| An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | |||||
| CVE-2022-45701 | 1 Commscope | 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more | 2025-03-18 | N/A | 8.8 HIGH |
| Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. | |||||
| CVE-2024-31811 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | N/A | 8.0 HIGH |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | |||||
| CVE-2023-23295 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2025-03-17 | N/A | 8.8 HIGH |
| Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. | |||||
| CVE-2022-45600 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2025-03-17 | N/A | 8.8 HIGH |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | |||||
| CVE-2024-3116 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-03-17 | N/A | 7.4 HIGH |
| pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. | |||||
| CVE-2024-35519 | 1 Netgear | 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more | 2025-03-17 | N/A | 8.4 HIGH |
| Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | |||||