Total: 1788 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||||
CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | |||||
CVE-2022-37704 | 1 Zmanda | 1 Amanda | 2025-02-06 | N/A | 6.7 MEDIUM |
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | |||||
CVE-2019-14944 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. | |||||
CVE-2022-46640 | 1 Nanoleaf | 1 Nanoleaf Desktop | 2025-02-06 | N/A | 9.8 CRITICAL |
Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | |||||
CVE-2023-29855 | 1 Wbce | 1 Wbce Cms | 2025-02-06 | N/A | 7.2 HIGH |
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | |||||
CVE-2024-23346 | 1 Materialsvirtuallab | 1 Pymatgen | 2025-02-05 | N/A | 7.8 HIGH |
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. | |||||
CVE-2025-24150 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-05 | N/A | 8.8 HIGH |
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. | |||||
CVE-2023-27848 | 1 Broccoli-compass Project | 1 Broccoli-compass | 2025-02-05 | N/A | 9.8 CRITICAL |
broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
CVE-2023-20865 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-02-05 | N/A | 7.2 HIGH |
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | |||||
CVE-2023-27849 | 1 Rails-routes-to-json Project | 1 Rails-routes-to-json | 2025-02-04 | N/A | 9.8 CRITICAL |
rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
CVE-2023-29566 | 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project | 2 Dawnsparks-node-tesseract, Huedawn-tesseract | 2025-02-04 | N/A | 9.8 CRITICAL |
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
CVE-2024-53290 | 1 Dell | 1 Thinos | 2025-02-04 | N/A | 8.4 HIGH |
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to command execution. | |||||
CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||||
CVE-2024-57583 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | |||||
CVE-2022-40765 | 1 Mitel | 1 Mivoice Connect | 2025-02-04 | N/A | 6.8 MEDIUM |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | |||||
CVE-2024-0740 | 1 Eclipse | 1 Target Management | 2025-02-03 | N/A | 9.8 CRITICAL |
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03. | |||||
CVE-2023-22790 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-01-31 | N/A | 8.8 HIGH |
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2023-22789 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-01-31 | N/A | 8.8 HIGH |
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2024-25951 | 1 Dell | 1 Idrac8 | 2025-01-31 | N/A | 8.0 HIGH |
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. |