Vulnerabilities (CVE)

Filtered by CWE-77
Total 3389 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33136 1 Microsoft 1 Azure Devops Server 2026-06-17 N/A 8.8 HIGH
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-32782 1 Paessler 1 Prtg Network Monitor 2026-06-17 N/A 7.2 HIGH
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32781 1 Paessler 1 Prtg Network Monitor 2026-06-17 N/A 7.2 HIGH
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32700 3 Luatex Project, Miktex, Tug 3 Luatex, Miktex, Tex Live 2026-06-17 N/A 7.8 HIGH
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
CVE-2023-32632 1 Yifanwireless 2 Yf325, Yf325 Firmware 2026-06-17 N/A 8.8 HIGH
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-32073 1 Wwbn 1 Avideo 2026-06-17 N/A 8.8 HIGH
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.
CVE-2023-32007 1 Apache 1 Spark 2026-06-17 N/A 8.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0.
CVE-2023-31996 1 Hanwhavision 236 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 233 more 2026-06-17 N/A 8.8 HIGH
Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function.
CVE-2023-31986 1 Edimax 2 Br-6428ns, Br-6428ns Firmware 2026-06-17 N/A 9.8 CRITICAL
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.
CVE-2023-31985 1 Edimax 2 Br-6428ns, Br-6428ns Firmware 2026-06-17 N/A 9.8 CRITICAL
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.
CVE-2023-31983 1 Edimax 2 Br-6428ns, Br-6428ns Firmware 2026-06-17 N/A 9.8 CRITICAL
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
CVE-2023-31856 1 Totolink 2 Cp300\+, Cp300\+ Firmware 2026-06-17 N/A 9.8 CRITICAL
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.
CVE-2023-31746 1 Adslr 2 Vw2100, Vw2100 Firmware 2026-06-17 N/A 9.8 CRITICAL
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.
CVE-2023-31701 1 Tp-link 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware 2026-06-17 N/A 8.8 HIGH
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.
CVE-2023-31700 1 Tp-link 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware 2026-06-17 N/A 8.8 HIGH
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.
CVE-2023-31531 1 Motorola 2 Cx2l, Cx2l Firmware 2026-06-17 N/A 8.8 HIGH
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter.
CVE-2023-31530 1 Motorola 2 Cx2l, Cx2l Firmware 2026-06-17 N/A 8.8 HIGH
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter.
CVE-2023-31529 1 Motorola 2 Cx2l, Cx2l Firmware 2026-06-17 N/A 8.8 HIGH
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter.
CVE-2023-31528 1 Motorola 2 Cx2l, Cx2l Firmware 2026-06-17 N/A 8.8 HIGH
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter.
CVE-2023-31476 1 Gl-inet 4 Gl-mv1000, Gl-mv1000 Firmware, Gl-mv1000w and 1 more 2026-06-17 N/A 7.5 HIGH
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www).