Total
2179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31983 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | |||||
| CVE-2023-2682 | 1 Catontechnology | 1 Caton Live | 2025-01-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-28136 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 7.8 HIGH |
| A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service. | |||||
| CVE-2024-28135 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 5.0 MEDIUM |
| A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. | |||||
| CVE-2024-25998 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | 7.3 HIGH |
| An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | |||||
| CVE-2025-23052 | 2025-01-23 | N/A | 7.2 HIGH | ||
| Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-31986 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-23 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. | |||||
| CVE-2024-52325 | 2025-01-23 | N/A | 9.6 CRITICAL | ||
| ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. | |||||
| CVE-2023-31856 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2025-01-23 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | |||||
| CVE-2023-2491 | 2 Gnu, Redhat | 5 Emacs, Enterprise Linux, Enterprise Linux Eus and 2 more | 2025-01-22 | N/A | 7.8 HIGH |
| A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | |||||
| CVE-2023-31701 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2025-01-22 | N/A | 8.8 HIGH |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. | |||||
| CVE-2023-31700 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2025-01-22 | N/A | 8.8 HIGH |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. | |||||
| CVE-2024-2991 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-23196 | 2025-01-22 | N/A | 8.8 HIGH | ||
| A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari. | |||||
| CVE-2023-31729 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-01-22 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-54794 | 2025-01-21 | N/A | 9.1 CRITICAL | ||
| The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. | |||||
| CVE-2023-31741 | 1 Linksys | 2 E2000, E2000 Firmware | 2025-01-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2023-31740 | 1 Linksys | 2 E2000, E2000 Firmware | 2025-01-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | |||||
| CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | |||||
| CVE-2024-0817 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-19 | N/A | 7.8 HIGH |
| Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 | |||||