Total
3412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44410 | 1 Dlink | 2 Di-8300, Di-8300 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | |||||
| CVE-2024-44402 | 1 Dlink | 2 Di-8100g, Di-8100g Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. | |||||
| CVE-2024-44401 | 1 Dlink | 2 Di-8100g, Di-8100g Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | |||||
| CVE-2024-44400 | 1 Dlink | 2 Di-8400, Di-8400 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | |||||
| CVE-2024-44383 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. | |||||
| CVE-2024-44382 | 1 Dlink | 2 Di 8004w, Di 8004w Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. | |||||
| CVE-2024-44381 | 1 Dlink | 2 Di 8004w, Di 8004w Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. | |||||
| CVE-2024-44335 | 2026-06-17 | N/A | 8.8 HIGH | ||
| D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. | |||||
| CVE-2024-44334 | 2026-06-17 | N/A | 8.8 HIGH | ||
| D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp. | |||||
| CVE-2024-43693 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2026-06-17 | N/A | 10.0 CRITICAL |
| A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
| CVE-2024-43613 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2026-06-17 | N/A | 7.2 HIGH |
| Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | |||||
| CVE-2024-43601 | 2 Linux, Microsoft | 2 Linux Kernel, Visual Studio Code | 2026-06-17 | N/A | 7.8 HIGH |
| Visual Studio Code for Linux Remote Code Execution Vulnerability | |||||
| CVE-2024-43591 | 1 Microsoft | 2 Azure Command-line Interface, Azure Service Connector | 2026-06-17 | N/A | 8.7 HIGH |
| Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | |||||
| CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2026-06-17 | N/A | 8.4 HIGH |
| DeepSpeed Remote Code Execution Vulnerability | |||||
| CVE-2024-43028 | 1 Jeecg | 1 Jeecg Boot | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request. | |||||
| CVE-2024-43027 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2026-06-17 | N/A | 8.0 HIGH |
| DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. | |||||
| CVE-2024-42947 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2024-42905 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file. | |||||
| CVE-2024-42636 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 7.2 HIGH |
| DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. | |||||
| CVE-2024-42509 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
