Skip to main content

Command Injection

7747 CVEs technique

Monthly

CVE-2024-50715 HIGH POC This Week

An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Command Injection RCE Smart Agent
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-12987 MEDIUM POC KEV THREAT This Month

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
98.1%
CVE-2024-12986 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4.cgi/apmcfgupptim of the component Web Management Interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
32.8%
CVE-2024-12856 HIGH POC THREAT This Week

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection F3X36 Firmware F3X24 Firmware
NVD
CVSS 3.1
7.2
EPSS
82.2%
CVE-2024-12985 MEDIUM This Month

A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2024-53256 HIGH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-54082 HIGH This Week

home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2024-46873 CRITICAL Act Now

Multiple SHARP routers leave the hidden debug function enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2024-45721 HIGH This Week

home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2024-28767 HIGH This Week

IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Directory Integrator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-12829 HIGH This Week

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ng Firewall
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-12111 HIGH This Week

In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass.3(4.4); 24.3(4.5). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-55461 CRITICAL POC Act Now

SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Seacms
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-12686 HIGH KEV THREAT This Week

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privileged Remote Access Remote Support
NVD
CVSS 3.1
7.2
EPSS
13.8%
CVE-2024-48889 HIGH This Week

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-53688 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-39703 HIGH This Week

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-31668 CRITICAL PATCH Act Now

rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Rizin
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-49194 Maven HIGH PATCH This Week

Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-12356 CRITICAL POC KEV THREAT Emergency

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Privileged Remote Access Remote Support
NVD
CVSS 3.1
9.8
EPSS
88.0%
CVE-2024-56087 MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.

Command Injection Siem
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-56086 HIGH This Week

An issue was discovered in Logpoint before 7.5.0. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Command Injection Siem
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-56085 MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.

Command Injection Siem
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-56084 HIGH This Week

An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Command Injection Universal Normalizer
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-53376 HIGH POC THREAT This Week

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cyberpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
11.0%
CVE-2024-11858 HIGH This Week

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Radare2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-55956 CRITICAL POC KEV THREAT Emergency

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Lexicom Vltrader
NVD
CVSS 3.1
9.8
EPSS
93.8%
CVE-2024-48008 MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Injection Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22461 HIGH This Week

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-52058 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Connext Professional
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-53290 HIGH This Week

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Thinos
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2024-54008 HIGH This Week

An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-11772 HIGH This Week

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
7.7%
CVE-2024-11634 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-55547 CRITICAL Act Now

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.01e. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iap 420 Firmware
NVD
CVSS 4.0
9.3
EPSS
16.9%
CVE-2024-55544 HIGH POC THREAT This Week

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.01e and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iap 420 Firmware
NVD
CVSS 4.0
8.7
EPSS
11.7%
CVE-2024-28138 HIGH This Week

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-53919 HIGH This Week

An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-12358 MEDIUM POC This Month

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Datax Web
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.9%
CVE-2024-12350 MEDIUM POC This Month

A vulnerability was found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Command Injection Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.6%
CVE-2024-47115 HIGH This Week

IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Command Injection Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-52320 CRITICAL Act Now

The affected product is vulnerable to a command injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.3%
CVE-2024-54143 CRITICAL Act Now

openwrt/asu is an image on demand server for OpenWrt based distributions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
1.9%
CVE-2024-50393 HIGH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-50388 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hybrid Backup Sync
NVD
CVSS 4.0
9.5
EPSS
2.3%
CVE-2024-48863 HIGH This Week

A command injection vulnerability has been reported to affect License Center. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection License Center
NVD
CVSS 4.0
7.7
EPSS
1.0%
CVE-2024-53442 CRITICAL Act Now

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-52564 HIGH This Week

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-47133 HIGH This Week

UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2024-51465 HIGH This Week

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection App Connect Enterprise Certified Container
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53672 MEDIUM This Month

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-51772 HIGH This Week

An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-51771 HIGH This Week

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-51114 HIGH This Week

An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-29404 HIGH This Week

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-9200 HIGH This Week

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Emg6726 B10a Firmware Vmg3927 B50B Firmware Vmg4005 B50a Firmware +3
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-53940 HIGH This Week

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-53939 HIGH This Week

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-53375 HIGH This Week

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
40.7%
CVE-2024-53992 HIGH This Week

unzip-bot is a Telegram bot to extract various types of archives. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-36622 CRITICAL PATCH Act Now

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection PHP Command Injection RCE Raspap Webgui
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-49803 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Verify Access
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11983 HIGH This Week

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-11482 CRITICAL POC Act Now

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-11013 HIGH This Week

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-10896 MEDIUM POC This Month

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Command Injection Logo Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51228 MEDIUM POC This Month

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
6.8
EPSS
3.8%
CVE-2024-31976 HIGH This Week

EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ews356 Fir Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-9461 HIGH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Command Injection Total Upkeep
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-38831 HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-50377 MEDIUM This Month

A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<=. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-50376 MEDIUM This Month

A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3),. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
5.2
EPSS
0.5%
CVE-2024-50375 CRITICAL Act Now

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-50374 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-50373 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50372 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50371 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50370 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-50369 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50368 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50367 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50366 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50365 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50364 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50363 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50362 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50361 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-50360 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50359 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-8160 LOW Monitor

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Axis Os Axis Os 2022 Axis Os 2024
NVD
CVSS 3.1
2.7
EPSS
0.6%
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Command Injection +2
NVD
EPSS 98% CVSS 6.9
MEDIUM POC KEV THREAT This Month

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware
NVD VulDB
EPSS 33% CVSS 6.9
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4.cgi/apmcfgupptim of the component Web Management Interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware
NVD VulDB
EPSS 82% CVSS 7.2
HIGH POC THREAT This Week

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection F3X36 Firmware F3X24 Firmware
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Multiple SHARP routers leave the hidden debug function enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Directory Integrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ng Firewall
NVD
EPSS 0% CVSS 8.0
HIGH This Week

In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass.3(4.4); 24.3(4.5). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Seacms
NVD
EPSS 14% CVSS 7.2
HIGH KEV THREAT This Week

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privileged Remote Access Remote Support
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortimanager Fortimanager Cloud
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.7
HIGH This Week

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Rizin
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 88% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Privileged Remote Access Remote Support
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.

Command Injection Siem
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An issue was discovered in Logpoint before 7.5.0. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Command Injection Siem
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in Logpoint before 7.5.0. Rated medium severity (CVSS 5.9). No vendor patch available.

Command Injection Siem
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Command Injection Universal Normalizer
NVD
EPSS 11% CVSS 8.8
HIGH POC THREAT This Week

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cyberpanel
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Radare2
NVD
EPSS 94% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Lexicom +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Injection Dell +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Dell +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Connext Professional
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Thinos
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 8% CVSS 7.2
HIGH This Week

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 17% CVSS 9.3
CRITICAL Act Now

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.01e. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iap 420 Firmware
NVD
EPSS 12% CVSS 8.7
HIGH POC THREAT This Week

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.01e and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iap 420 Firmware
NVD
EPSS 1% CVSS 7.3
HIGH This Week

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD
EPSS 0% CVSS 7.6
HIGH This Week

An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Datax Web
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Command Injection Jfinalcms
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Command Injection Vios +1
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

The affected product is vulnerable to a command injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

openwrt/asu is an image on demand server for OpenWrt based distributions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.7
HIGH This Week

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qnap Qts +1
NVD
EPSS 2% CVSS 9.5
CRITICAL Act Now

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hybrid Backup Sync
NVD
EPSS 1% CVSS 7.7
HIGH This Week

A command injection vulnerability has been reported to affect License Center. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection License Center
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection App Connect Enterprise Certified Container
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
EPSS 0% CVSS 8.0
HIGH This Week

An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Aruba +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Command Injection
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Emg6726 B10a Firmware +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 41% CVSS 8.0
HIGH This Week

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

unzip-bot is a Telegram bot to extract various types of archives. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection PHP Command Injection +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Verify Access
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Command Injection +1
NVD WPScan
EPSS 4% CVSS 6.8
MEDIUM POC This Month

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ews356 Fir Firmware
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Command Injection +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection VMware +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<=. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3),. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection Eki 6333Ac 2G Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Eki 6333Ac 2G Firmware +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware +1
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Axis Os Axis Os 2022 +1
NVD
Prev Page 33 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy