Vulnerabilities (CVE)

Filtered by CWE-77
Total 3386 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28365 2 Linux, Ui 2 Linux Kernel, Unifi Network Application 2026-06-17 N/A 9.1 CRITICAL
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
CVE-2023-28130 1 Checkpoint 1 Gaia Portal 2026-06-17 N/A 7.2 HIGH
Local user may lead to privilege escalation using Gaia Portal hostnames page.
CVE-2023-28110 1 Fit2cloud 2 Jumpserver, Koko 2026-06-17 N/A 5.7 MEDIUM
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8.
CVE-2023-28012 1 Hcltech 1 Bigfix Mobile 2026-06-17 N/A 5.4 MEDIUM
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.
CVE-2023-27849 1 Rails-routes-to-json Project 1 Rails-routes-to-json 2026-06-17 N/A 9.8 CRITICAL
rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
CVE-2023-27848 1 Broccoli-compass Project 1 Broccoli-compass 2026-06-17 N/A 9.8 CRITICAL
broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
CVE-2023-27837 1 Tp-link 2 Tl-wpa8630p, Tl-wpa8630p Firmware 2026-06-17 N/A 9.8 CRITICAL
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.
CVE-2023-27836 1 Tp-link 2 Tl-wpa8630p, Tl-wpa8630p Firmware 2026-06-17 N/A 9.8 CRITICAL
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.
CVE-2023-27796 1 Ruijienetworks 6 Rg-ew1200g Pro, Rg-ew1200g Pro Firmware, Rg-ew1800gx Pro and 3 more 2026-06-17 N/A 8.8 HIGH
RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua.
CVE-2023-27581 1 Github-slug-action Project 1 Github-slug-action 2026-06-17 N/A 8.8 HIGH
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. A patched action is available in version 4.4.1. No workaround is available.
CVE-2023-27240 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 N/A 9.8 CRITICAL
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
CVE-2023-27232 1 Totolink 2 A7100ru, A7100ru Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.
CVE-2023-27231 1 Totolink 2 A7100ru, A7100ru Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.
CVE-2023-27229 1 Totolink 2 A7100ru, A7100ru Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.
CVE-2023-27224 1 Jc21 1 Nginx Proxy Manager 2026-06-17 N/A 9.8 CRITICAL
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.
CVE-2023-27135 1 Totolink 2 A7100ru, A7100ru Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
CVE-2023-27079 1 Tenda 2 G103, G103 Firmware 2026-06-17 N/A 7.5 HIGH
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package
CVE-2023-27078 1 Tp-link 2 Tl-mr3020, Tl-mr3020 Firmware 2026-06-17 N/A 9.8 CRITICAL
A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.
CVE-2023-26978 1 Totolink 2 A7100ru, A7100ru Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
CVE-2023-26866 1 Greenpacket 4 Ot-235, Ot-235 Firmware, Wr-1200 and 1 more 2026-06-17 N/A 9.8 CRITICAL
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.