Vulnerabilities (CVE)

Filtered by CWE-77
Total 3410 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-32314 1 Tenda 2 Ac500, Ac500 Firmware 2026-06-17 N/A 3.8 LOW
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
CVE-2024-32292 1 Tenda 2 W30e, W30e Firmware 2026-06-17 N/A 8.8 HIGH
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
CVE-2024-32283 1 Tenda 2 Fh1203, Fh1203 Firmware 2026-06-17 N/A 7.3 HIGH
Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter.
CVE-2024-32282 1 Tenda 2 Fh1202, Fh1202 Firmware 2026-06-17 N/A 6.3 MEDIUM
Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
CVE-2024-32281 1 Tenda 2 Ac7, Ac7 Firmware 2026-06-17 N/A 8.8 HIGH
Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter.
CVE-2024-32027 1 Bmaltais 1 Kohya Ss 2026-06-17 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.
CVE-2024-32026 1 Bmaltais 1 Kohya Ss 2026-06-17 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.
CVE-2024-32025 1 Bmaltais 1 Kohya Ss 2026-06-17 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.
CVE-2024-32022 1 Bmaltais 1 Kohya Ss 2026-06-17 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.
CVE-2024-31811 1 Totolink 2 Ex200, Ex200 Firmware 2026-06-17 N/A 8.0 HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
CVE-2024-31485 2026-06-17 N/A 7.2 HIGH
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2024-30891 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 N/A 8.8 HIGH
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.
CVE-2024-30637 1 Tenda 2 F1202, F1202 Firmware 2026-06-17 N/A 8.8 HIGH
Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter.
CVE-2024-30572 1 Netgear 2 R6850, R6850 Firmware 2026-06-17 N/A 8.0 HIGH
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
CVE-2024-30368 1 A10networks 1 Advanced Core Operating System 2026-06-17 N/A 8.8 HIGH
A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517.
CVE-2024-30220 1 Planex 4 Mzk-mf300hp2, Mzk-mf300hp2 Firmware, Mzk-mf300n and 1 more 2026-06-17 N/A 8.8 HIGH
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVE-2024-30213 2026-06-17 N/A 8.8 HIGH
StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution.
CVE-2024-30167 2026-06-17 N/A 6.3 MEDIUM
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter.
CVE-2024-2991 1 Tenda 2 Fh1203, Fh1203 Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2982 1 Tenda 2 Fh1202, Fh1202 Firmware 2026-06-17 5.2 MEDIUM 5.5 MEDIUM
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.