Total
1788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2916 | 2025-03-28 | N/A | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-24612 | 1 Pdfbook Project | 1 Pdfbook | 2025-03-28 | N/A | 9.8 CRITICAL |
| The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | |||||
| CVE-2025-25274 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 8.8 HIGH |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | |||||
| CVE-2023-24141 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | |||||
| CVE-2023-24140 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | |||||
| CVE-2023-24142 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | |||||
| CVE-2023-24139 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | |||||
| CVE-2023-24144 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | |||||
| CVE-2023-24145 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | |||||
| CVE-2023-24146 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | |||||
| CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | |||||
| CVE-2023-24143 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | |||||
| CVE-2023-24151 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2021-31575 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | |||||
| CVE-2023-24154 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | |||||
| CVE-2023-24150 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24152 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24153 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24156 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24157 | 1 Totolink | 2 T8, T8 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||