Total
3386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28365 | 2 Linux, Ui | 2 Linux Kernel, Unifi Network Application | 2026-06-17 | N/A | 9.1 CRITICAL |
| A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | |||||
| CVE-2023-28130 | 1 Checkpoint | 1 Gaia Portal | 2026-06-17 | N/A | 7.2 HIGH |
| Local user may lead to privilege escalation using Gaia Portal hostnames page. | |||||
| CVE-2023-28110 | 1 Fit2cloud | 2 Jumpserver, Koko | 2026-06-17 | N/A | 5.7 MEDIUM |
| Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8. | |||||
| CVE-2023-28012 | 1 Hcltech | 1 Bigfix Mobile | 2026-06-17 | N/A | 5.4 MEDIUM |
| HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | |||||
| CVE-2023-27849 | 1 Rails-routes-to-json Project | 1 Rails-routes-to-json | 2026-06-17 | N/A | 9.8 CRITICAL |
| rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-27848 | 1 Broccoli-compass Project | 1 Broccoli-compass | 2026-06-17 | N/A | 9.8 CRITICAL |
| broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-27837 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. | |||||
| CVE-2023-27836 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. | |||||
| CVE-2023-27796 | 1 Ruijienetworks | 6 Rg-ew1200g Pro, Rg-ew1200g Pro Firmware, Rg-ew1800gx Pro and 3 more | 2026-06-17 | N/A | 8.8 HIGH |
| RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua. | |||||
| CVE-2023-27581 | 1 Github-slug-action Project | 1 Github-slug-action | 2026-06-17 | N/A | 8.8 HIGH |
| github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. A patched action is available in version 4.4.1. No workaround is available. | |||||
| CVE-2023-27240 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | |||||
| CVE-2023-27232 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-27231 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-27229 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-27224 | 1 Jc21 | 1 Nginx Proxy Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. | |||||
| CVE-2023-27135 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-27079 | 1 Tenda | 2 G103, G103 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package | |||||
| CVE-2023-27078 | 1 Tp-link | 2 Tl-mr3020, Tl-mr3020 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | |||||
| CVE-2023-26978 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-26866 | 1 Greenpacket | 4 Ot-235, Ot-235 Firmware, Wr-1200 and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. | |||||
