Vulnerabilities (CVE)

Filtered by CWE-77
Total 3412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-44410 1 Dlink 2 Di-8300, Di-8300 Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
CVE-2024-44402 1 Dlink 2 Di-8100g, Di-8100g Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVE-2024-44401 1 Dlink 2 Di-8100g, Di-8100g Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
CVE-2024-44400 1 Dlink 2 Di-8400, Di-8400 Firmware 2026-06-17 N/A 9.8 CRITICAL
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
CVE-2024-44383 1 Wayos 2 Fbm-291w, Fbm-291w Firmware 2026-06-17 N/A 6.8 MEDIUM
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
CVE-2024-44382 1 Dlink 2 Di 8004w, Di 8004w Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
CVE-2024-44381 1 Dlink 2 Di 8004w, Di 8004w Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
CVE-2024-44335 2026-06-17 N/A 8.8 HIGH
D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.
CVE-2024-44334 2026-06-17 N/A 8.8 HIGH
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp.
CVE-2024-43693 1 Doverfuelingsolutions 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more 2026-06-17 N/A 10.0 CRITICAL
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-43613 1 Microsoft 1 Azure Database For Postgresql Flexible Server 2026-06-17 N/A 7.2 HIGH
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-43601 2 Linux, Microsoft 2 Linux Kernel, Visual Studio Code 2026-06-17 N/A 7.8 HIGH
Visual Studio Code for Linux Remote Code Execution Vulnerability
CVE-2024-43591 1 Microsoft 2 Azure Command-line Interface, Azure Service Connector 2026-06-17 N/A 8.7 HIGH
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
CVE-2024-43497 1 Microsoft 1 Deepspeed 2026-06-17 N/A 8.4 HIGH
DeepSpeed Remote Code Execution Vulnerability
CVE-2024-43028 1 Jeecg 1 Jeecg Boot 2026-06-17 N/A 9.8 CRITICAL
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.
CVE-2024-43027 1 Draytek 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more 2026-06-17 N/A 8.0 HIGH
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.
CVE-2024-42947 1 Tenda 2 Fh1201, Fh1201 Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42905 2026-06-17 N/A 9.8 CRITICAL
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
CVE-2024-42636 1 Dedecms 1 Dedecms 2026-06-17 N/A 7.2 HIGH
DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
CVE-2024-42509 2026-06-17 N/A 9.8 CRITICAL
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.