Total
5173 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20014 | 2025-01-29 | N/A | 9.8 CRITICAL | ||
| mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. | |||||
| CVE-2023-29944 | 1 Metersphere | 1 Metersphere | 2025-01-29 | N/A | 9.8 CRITICAL |
| Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench | |||||
| CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | |||||
| CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | |||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | |||||
| CVE-2023-24958 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more | 2025-01-29 | N/A | 8.8 HIGH |
| A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. | |||||
| CVE-2025-24480 | 2025-01-28 | N/A | N/A | ||
| A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user. | |||||
| CVE-2024-22065 | 1 Zte | 2 Mf258k Pro, Mf258k Pro Firmware | 2025-01-28 | N/A | 6.8 MEDIUM |
| There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2023-32568 | 1 Veritas | 1 Infoscale Operations Manager | 2025-01-28 | N/A | 7.2 HIGH |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | |||||
| CVE-2024-25946 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-25955 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-3880 | 1 Tenda | 2 W30e, W30e Firmware | 2025-01-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-57595 | 2025-01-27 | N/A | 9.8 CRITICAL | ||
| DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. | |||||
| CVE-2020-13378 | 1 Loadbalancer | 1 Enterprise Va Max | 2025-01-24 | N/A | 8.8 HIGH |
| Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. | |||||
| CVE-2024-26260 | 1 Hgiga | 4 Oaklouds-organization-2.0, Oaklouds-organization-3.0, Oaklouds-webbase-2.0 and 1 more | 2025-01-23 | N/A | 9.8 CRITICAL |
| The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. | |||||
| CVE-2024-21782 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-01-23 | N/A | 6.7 MEDIUM |
| BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2023-32462 | 1 Dell | 1 Smartfabric Os10 | 2025-01-23 | N/A | 9.8 CRITICAL |
| Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-22426 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-01-23 | N/A | 7.2 HIGH |
| Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise. | |||||
| CVE-2024-29973 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | |||||
| CVE-2024-29972 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | |||||