Total
4699 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2024-51251 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. | |||||
| CVE-2024-51253 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. | |||||
| CVE-2024-45882 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.` | |||||
| CVE-2024-45884 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.` | |||||
| CVE-2024-45885 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.` | |||||
| CVE-2024-45887 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.` | |||||
| CVE-2024-45888 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.' | |||||
| CVE-2024-45889 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.` | |||||
| CVE-2024-45890 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.` | |||||
| CVE-2024-45891 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.` | |||||
| CVE-2024-45893 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.` | |||||
| CVE-2024-46316 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. | |||||
| CVE-2023-40504 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.8 CRITICAL |
| LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19953. | |||||
| CVE-2023-40505 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 9.8 CRITICAL |
| LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createThumbnailByMovie method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19978. | |||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2025-04-10 | N/A | 7.4 HIGH |
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2024-41585 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-04-10 | N/A | 6.8 MEDIUM |
| DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. | |||||
| CVE-2022-44149 | 1 Nexxtsolutions | 2 Amp300, Amp300 Firmware | 2025-04-09 | N/A | 8.8 HIGH |
| The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required | |||||
| CVE-2025-27797 | 2025-04-09 | N/A | 9.8 CRITICAL | ||
| OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product. | |||||