Total: 3383 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24392 | 1 Fidelissecurity | 2 Deception, Network | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-24390 | 1 Fidelissecurity | 2 Deception, Network | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-24389 | 1 Fidelissecurity | 2 Deception, Network | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-24388 | 1 Fidelissecurity | 2 Deception, Network | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-24171 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. | |||||
| CVE-2022-24170 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. | |||||
| CVE-2022-24168 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. | |||||
| CVE-2022-24167 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. | |||||
| CVE-2022-24165 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter. | |||||
| CVE-2022-24150 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter. | |||||
| CVE-2022-24148 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. | |||||
| CVE-2022-24144 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters. | |||||
| CVE-2022-22991 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2026-06-17 | 8.3 HIGH | 7.8 HIGH |
| A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP. | |||||
| CVE-2022-22688 | 1 Synology | 1 Diskstation Manager | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-21941 | 1 Johnsoncontrols | 2 Istar Ultra, Istar Ultra Firmware | 2026-06-17 | N/A | 10.0 CRITICAL |
| All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | |||||
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2026-06-17 | N/A | 7.4 HIGH |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |||||
| CVE-2022-21191 | 1 Global-modules-path Project | 1 Global-modules-path | 2026-06-17 | N/A | 7.4 HIGH |
| Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | |||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2026-06-17 | N/A | 7.4 HIGH |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||
| CVE-2022-20665 | 1 Cisco | 4 Asr 5500, Asr 5700, Staros and 1 more | 2026-06-17 | 7.2 HIGH | 6.0 MEDIUM |
| A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device. | |||||
| CVE-2022-20345 | 1 Google | 1 Android | 2026-06-17 | N/A | 8.8 HIGH |
| In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-230494481 | |||||
