Vulnerabilities (CVE)

Filtered by CWE-77
Total 3402 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11652 1 Engeniustech 6 Enh1350ext, Enh1350ext Firmware, Ens500-ac and 3 more 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument https_enable leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-11651 1 Engeniustech 6 Enh1350ext, Enh1350ext Firmware, Ens500-ac and 3 more 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been classified as critical. Affected is an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5 leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-11634 1 Ivanti 2 Connect Secure, Policy Secure 2026-06-17 N/A 9.1 CRITICAL
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVE-2024-11320 1 Pandorafms 1 Pandora Fms 2026-06-17 N/A 9.8 CRITICAL
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
CVE-2024-11046 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11013 2026-06-17 N/A 7.2 HIGH
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface.
CVE-2024-10966 1 Totolink 2 X18, X18 Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10697 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10443 1 Synology 4 Beephotos, Beestation Os, Diskstation Manager and 1 more 2026-06-17 N/A 9.8 CRITICAL
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2024-10435 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10429 1 Wavlink 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-10428 1 Wavlink 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-10193 1 Wavlink 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-10035 1 Bg-tek 1 Coslat 2026-06-17 N/A 9.8 CRITICAL
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.
CVE-2024-0920 1 Trendnet 2 Tew-822dre, Tew-822dre Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0919 1 Trendnet 2 Tew-815dap, Tew-815dap Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0817 1 Paddlepaddle 1 Paddlepaddle 2026-06-17 N/A 7.8 HIGH
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
CVE-2024-0740 1 Eclipse 1 Target Management 2026-06-17 N/A 9.8 CRITICAL
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03
CVE-2024-0579 1 Totolink 2 X2000r, X2000r Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0507 1 Github 1 Enterprise Server 2026-06-17 N/A 6.5 MEDIUM
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.