Total
3381 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24561 | 1 Trendmicro | 1 Serverprotect | 2026-06-17 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privileges on the SPLX console to exploit this vulnerability. | |||||
| CVE-2020-23639 | 1 Moxa | 2 Vport 461, Vport 461 Firmware | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | |||||
| CVE-2020-23584 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution. | |||||
| CVE-2020-23583 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system. | |||||
| CVE-2020-22662 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2026-06-17 | N/A | 7.5 HIGH |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set unauthorized "illegal region code" by remote code Execution command injection which leads to run illegal frequency with maxi output power. Vulnerability allows attacker to create an arbitrary amount of ssid wlans interface per radio which creates overhead over noise (the default max limit is 8 ssid only per radio in solo AP). Vulnerability allows attacker to unlock hidden regions by privilege command injection in WEB GUI. | |||||
| CVE-2020-22570 | 1 Memcached | 1 Memcached | 2026-06-17 | N/A | 7.5 HIGH |
| Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | |||||
| CVE-2020-21785 | 1 Ibos | 1 Ibos | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | |||||
| CVE-2020-20951 | 1 Pluck-cms | 1 Pluck | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | |||||
| CVE-2020-1811 | 1 Huawei | 1 Gaussdb 200 | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. | |||||
| CVE-2020-1790 | 1 Huawei | 1 Gaussdb 200 | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. | |||||
| CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | |||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | |||||
| CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | |||||
| CVE-2020-18758 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. | |||||
| CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | |||||
| CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | |||||
| CVE-2020-17504 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. | |||||
| CVE-2020-17503 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. | |||||
| CVE-2020-17502 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. | |||||
| CVE-2020-17500 | 1 Barco | 5 Transform N, Transform Ndn-210 Lite, Transform Ndn-210 Pro and 2 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. | |||||