Total
2943 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22759 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 7.2 High |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
| CVE-2023-22761 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 7.2 High |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
| CVE-2023-22768 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22769 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22770 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-07 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2024-36983 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-07 | 8 High |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. | ||||
| CVE-2023-1097 | 1 Baicells | 2 Eg7035-m11, Eg7035-m11 Firmware | 2025-03-07 | 9.3 Critical |
| Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. | ||||
| CVE-2023-0093 | 1 Okta | 1 Advanced Server Access | 2025-03-06 | 8.8 High |
| Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. | ||||
| CVE-2021-4329 | 1 Json-logic-js Project | 1 Json-logic-js | 2025-03-05 | 5.5 Medium |
| A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. | ||||
| CVE-2025-25743 | 1 Dlink | 2 Dir-853, Dir-853 Firmware | 2025-03-05 | 7.2 High |
| D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. | ||||
| CVE-2023-27986 | 1 Gnu | 1 Emacs | 2025-03-05 | 7.8 High |
| emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. | ||||
| CVE-2023-27985 | 1 Gnu | 1 Emacs | 2025-03-05 | 7.8 High |
| emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 | ||||
| CVE-2025-27146 | 1 Matrix | 1 Matrix Irc Bridge | 2025-03-04 | 2.7 Low |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4. | ||||
| CVE-2025-23119 | 2025-03-04 | N/A | ||
| An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network. | ||||
| CVE-2025-24861 | 1 Outbackpower | 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware | 2025-03-04 | 7.5 High |
| An attacker may inject commands via specially-crafted post requests. | ||||
| CVE-2025-1947 | 2025-03-04 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1946 | 2025-03-04 | 6.3 Medium | ||
| A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-5355 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267. | ||||
| CVE-2023-21778 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 8 High |
| Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | ||||
| CVE-2023-1277 | 1 Ubuntukylin | 1 Kylin-system-updater | 2025-02-28 | 7.8 High |
| A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. | ||||