Vulnerabilities (CVE)

Filtered by CWE-77
Total 3412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-51317 1 Netsurf-browser 1 Netsurf 2026-06-17 N/A 6.5 MEDIUM
An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function
CVE-2024-51304 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
CVE-2024-51301 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
CVE-2024-51300 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVE-2024-51299 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
CVE-2024-51296 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
CVE-2024-51260 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 9.8 CRITICAL
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVE-2024-51259 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 9.8 CRITICAL
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVE-2024-51258 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVE-2024-51257 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVE-2024-51255 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 9.8 CRITICAL
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVE-2024-51254 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2026-06-17 N/A 8.8 HIGH
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVE-2024-51186 1 Dlink 2 Dir-820l, Dir-820l Firmware 2026-06-17 N/A 8.0 HIGH
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.
CVE-2024-51151 1 Dlink 2 Di-8200, Di-8200 Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.
CVE-2024-51115 1 Dcnetworks 2 Dcme-320, Dcme-320 Firmware 2026-06-17 N/A 9.8 CRITICAL
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.
CVE-2024-51114 2026-06-17 N/A 8.8 HIGH
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file
CVE-2024-51027 2026-06-17 N/A 6.5 MEDIUM
Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.
CVE-2024-50853 1 Tendacn 2 G3, G3 Firmware 2026-06-17 N/A 8.8 HIGH
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
CVE-2024-50852 1 Tendacn 2 G3, G3 Firmware 2026-06-17 N/A 8.8 HIGH
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
CVE-2024-50591 2026-06-17 N/A 7.8 HIGH
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service which is running as "SYSTEM" via Windows Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client which communicates with the service to update or repair the installation and is running with user permissions. The communication is implemented using named pipes. A crafted message of type "MessageType.SupportServiceInfos" can be sent to the local ESU service to inject commands, which are then executed as "NT AUTHORITY\SYSTEM".