Total
2294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20889 | 1 Vmware | 1 Vrealize Network Insight | 2025-01-07 | N/A | 7.5 HIGH |
| Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | |||||
| CVE-2023-33556 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-01-07 | N/A | 9.8 CRITICAL |
| TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-33782 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2025-01-06 | N/A | 8.8 HIGH |
| D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | |||||
| CVE-2023-35031 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036. | |||||
| CVE-2023-31746 | 1 Vw2100 Project | 2 Vw2100, Vw2100 Firmware | 2025-01-06 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user. | |||||
| CVE-2023-27836 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2025-01-06 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. | |||||
| CVE-2023-26298 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | N/A | 8.8 HIGH |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | |||||
| CVE-2023-26297 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | N/A | 8.8 HIGH |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | |||||
| CVE-2023-26296 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | N/A | 8.8 HIGH |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | |||||
| CVE-2023-26295 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | N/A | 9.8 CRITICAL |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | |||||
| CVE-2023-26294 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | N/A | 7.8 HIGH |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | |||||
| CVE-2024-13129 | 2025-01-03 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component. | |||||
| CVE-2023-27837 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2025-01-03 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. | |||||
| CVE-2024-13062 | 2025-01-02 | N/A | 7.2 HIGH | ||
| An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | |||||
| CVE-2024-12912 | 2025-01-02 | N/A | 7.2 HIGH | ||
| An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | |||||
| CVE-2023-35390 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2025-01-01 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2024-12985 | 2024-12-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. This vulnerability affects unknown code of the file /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-13712 | 2024-12-26 | N/A | 7.8 HIGH | ||
| A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected. | |||||
| CVE-2024-25255 | 2024-12-24 | N/A | 9.8 CRITICAL | ||
| Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior. | |||||
| CVE-2024-42427 | 1 Dell | 1 Wyse Thinos | 2024-12-20 | N/A | 7.6 HIGH |
| Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||