Filtered by CWE-77
Total 2682 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-29366 1 Dlink 2 Dir-845l, Dir-845l Firmware 2025-06-17 8.8 High
A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.
CVE-2025-25504 1 Niceforyou 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc 2025-06-17 6.5 Medium
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
CVE-2024-29385 1 Dlink 2 Dir-845l, Dir-845l Firmware 2025-06-17 9.0 Critical
DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.
CVE-2024-29864 1 89luca89 1 Distrobox 2025-06-17 9.8 Critical
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.
CVE-2023-51295 1 Phpjabbers 1 Event Booking Calendar 2025-06-16 6.5 Medium
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVE-2025-6102 2025-06-16 8.8 High
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6103 2025-06-16 8.8 High
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-45025 1 Qnap 3 Qts, Quts Hero, Qutscloud 2025-06-16 9 Critical
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
CVE-2025-5126 1 Flir 2 Flir Ax8, Flir Ax8 Firmware 2025-06-16 8.8 High
A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6104 2025-06-16 8.8 High
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-21413 1 Axis 1 Axis Os 2025-06-16 9.1 Critical
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2025-22237 2025-06-16 6.7 Medium
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.
CVE-2025-4231 1 Palo Alto Networks 1 Pan-os 2025-06-16 N/A
A command injection vulnerability in Palo Alto Networks PAN-OSĀ® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
CVE-2025-27954 1 Philips 1 Clinical Collaboration Platform 2025-06-13 6.5 Medium
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
CVE-2025-27953 1 Philips 1 Clinical Collaboration Platform 2025-06-13 6.5 Medium
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
CVE-2025-44868 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2025-06-13 9.8 Critical
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2024-55063 1 Easyvirt 1 Dc Netscope 2025-06-12 8.8 High
Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant parameter to /international/settings/keyboard; the (4) timezone parameter to /international/settings/timezone.
CVE-2025-43714 1 Openai 1 Chatgpt 2025-06-12 6.5 Medium
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers.
CVE-2025-5000 1 Linksys 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more 2025-06-12 6.3 Medium
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-4999 1 Linksys 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more 2025-06-12 6.3 Medium
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.