Total
2943 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4212 | 1 Trane | 8 Pivot, Pivot Firmware, Xl1050 and 5 more | 2025-01-16 | 6.8 Medium |
| A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick. | ||||
| CVE-2024-3009 | 1 Tenda | 2 Fh1205, Fh1205 Firmware | 2025-01-15 | 6.3 Medium |
| A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-22688 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 8.8 High |
| Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2017-12075 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | ||||
| CVE-2022-47028 | 1 Actionlauncher | 1 Action Launcher | 2025-01-14 | 5.5 Medium |
| An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert. | ||||
| CVE-2015-20108 | 1 Onelogin | 1 Ruby-saml | 2025-01-14 | 9.8 Critical |
| xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | ||||
| CVE-2020-29547 | 1 Citadel | 1 Webcit | 2025-01-14 | 5.9 Medium |
| An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure. | ||||
| CVE-2024-2982 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-01-14 | 5.5 Medium |
| A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-24630 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | 7.2 High |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. | ||||
| CVE-2023-26129 | 1 Bwm-ng Project | 1 Bwm-ng | 2025-01-13 | 8.4 High |
| All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2023-26128 | 1 Keep-module-latest Project | 1 Keep-module-latest | 2025-01-13 | 8.4 High |
| All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2023-26127 | 1 N158 Project | 1 N158 | 2025-01-13 | 7.8 High |
| All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | ||||
| CVE-2025-0396 | 2025-01-13 | 7.8 High | ||
| A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-24377 | 1 Idocv | 1 Idocview | 2025-01-13 | 9.8 Critical |
| An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. | ||||
| CVE-2022-32203 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-10 | 9.8 Critical |
| There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203. | ||||
| CVE-2023-34153 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-01-10 | 7.8 High |
| A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | ||||
| CVE-2023-33722 | 1 Edimax | 2 Br-6288acl, Br-6288acl Firmware | 2025-01-10 | 8.8 High |
| EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. | ||||
| CVE-2022-46361 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2025-01-09 | 6.9 Medium |
| An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. | ||||
| CVE-2023-33487 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-09 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | ||||
| CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2025-01-09 | 9.8 Critical |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | ||||