Vulnerabilities (CVE)

Filtered by CWE-77
Total 3389 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36458 1 Fit2cloud 1 1panel 2026-06-17 N/A 6.3 MEDIUM
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.
CVE-2023-36457 1 Fit2cloud 1 1panel 2026-06-17 N/A 6.3 MEDIUM
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.
CVE-2023-36415 1 Microsoft 1 Azure Identity Sdk 2026-06-17 N/A 8.8 HIGH
Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-36414 1 Microsoft 1 Azure Identity Sdk 2026-06-17 N/A 8.8 HIGH
Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-36103 1 Tenda 2 Ac15, Ac15 Firmware 2026-06-17 N/A 9.8 CRITICAL
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
CVE-2023-35974 1 Arubanetworks 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more 2026-06-17 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-35973 1 Arubanetworks 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more 2026-06-17 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-35972 1 Arubanetworks 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more 2026-06-17 N/A 7.2 HIGH
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
CVE-2023-35390 1 Microsoft 2 .net, Visual Studio 2022 2026-06-17 N/A 7.8 HIGH
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-35035 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2026-06-17 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.
CVE-2023-35033 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2026-06-17 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.
CVE-2023-35032 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2026-06-17 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.
CVE-2023-35031 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2026-06-17 N/A 8.8 HIGH
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.
CVE-2023-34999 1 Bosch 1 Rts Vlink Virtual Matrix 2026-06-17 N/A 8.4 HIGH
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.
CVE-2023-34849 1 Ikuai8 1 Ikuaios 2026-06-17 N/A 9.8 CRITICAL
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.
CVE-2023-34233 1 Snowflake 1 Snowflake Connector 2026-06-17 N/A 8.8 HIGH
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue.
CVE-2023-34232 1 Snowflake 1 Snowflake Connector 2026-06-17 N/A 7.3 HIGH
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
CVE-2023-34231 1 Snowflake 1 Gosnowflake 2026-06-17 N/A 8.8 HIGH
gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19.
CVE-2023-34230 1 Snowflake 1 Snowflake Connector 2026-06-17 N/A 7.3 HIGH
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.
CVE-2023-34215 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2026-06-17 N/A 7.2 HIGH
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.