Total
2570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22127 | 1 Sap | 1 Netweaver Application Server Java | 2025-02-07 | N/A | 9.1 CRITICAL |
| SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-30638 | 1 Atos | 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller | 2025-02-07 | N/A | 7.2 HIGH |
| Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | |||||
| CVE-2023-29084 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-02-07 | N/A | 7.2 HIGH |
| Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | |||||
| CVE-2024-34352 | 1 Fit2cloud | 1 1panel | 2025-02-07 | N/A | 6.5 MEDIUM |
| 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts. | |||||
| CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | |||||
| CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||||
| CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | |||||
| CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||||
| CVE-2019-14944 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. | |||||
| CVE-2022-46640 | 1 Nanoleaf | 1 Nanoleaf Desktop | 2025-02-06 | N/A | 9.8 CRITICAL |
| Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | |||||
| CVE-2024-53615 | 2025-02-06 | N/A | 6.5 MEDIUM | ||
| A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. | |||||
| CVE-2023-29855 | 1 Wbce | 1 Wbce Cms | 2025-02-06 | N/A | 7.2 HIGH |
| WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | |||||
| CVE-2023-27848 | 1 Broccoli-compass Project | 1 Broccoli-compass | 2025-02-05 | N/A | 9.8 CRITICAL |
| broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-20865 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-02-05 | N/A | 7.2 HIGH |
| VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | |||||
| CVE-2024-2352 | 1 Fit2cloud | 1 1panel | 2025-02-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304. | |||||
| CVE-2023-27849 | 1 Rails-routes-to-json Project | 1 Rails-routes-to-json | 2025-02-04 | N/A | 9.8 CRITICAL |
| rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-29566 | 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project | 2 Dawnsparks-node-tesseract, Huedawn-tesseract | 2025-02-04 | N/A | 9.8 CRITICAL |
| huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2024-53290 | 1 Dell | 1 Thinos | 2025-02-04 | N/A | 8.4 HIGH |
| Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution | |||||
| CVE-2024-57583 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | |||||