Skip to main content

Command Injection

7747 CVEs technique

Monthly

CVE-2024-11659 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11658 MEDIUM POC THREAT This Month

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11657 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11656 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.5%
CVE-2024-11655 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.5%
CVE-2024-11654 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11653 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11652 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens500 Ac Firmware Ens620Ext Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
28.9%
CVE-2024-11651 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
26.2%
CVE-2024-11665 HIGH POC This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.0.4. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salia Plcc Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-53899 PyPI HIGH POC PATCH This Week

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Virtualenv
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2024-52034 CRITICAL Act Now

An OS Command Injection vulnerability exists within myPRO Manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
10.0
EPSS
1.7%
CVE-2024-47407 CRITICAL POC THREAT Emergency

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
10.0
EPSS
64.2%
CVE-2024-8360 MEDIUM This Month

Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-8359 MEDIUM This Month

Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-8358 MEDIUM This Month

Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-8809 HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-8808 HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-8807 CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-8806 CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-6247 MEDIUM This Month

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cam V3 Firmware
NVD
CVSS 3.0
6.8
EPSS
2.2%
CVE-2024-5720 HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2024-5719 HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2024-5717 HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2024-37782 CRITICAL Act Now

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-52723 CRITICAL Act Now

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-48861 HIGH This Week

An OS command injection vulnerability has been reported to affect several product versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
7.3
EPSS
0.8%
CVE-2024-48860 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
9.5
EPSS
1.5%
CVE-2024-38644 HIGH This Week

An OS command injection vulnerability has been reported to affect Notes Station 3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Notes Station 3
NVD
CVSS 4.0
8.7
EPSS
1.6%
CVE-2024-31408 HIGH This Week

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
8.0
EPSS
1.1%
CVE-2024-53333 MEDIUM POC THREAT This Month

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex200 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
18.9%
CVE-2024-48288 HIGH POC THREAT This Week

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Ipc42C Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
10.3%
CVE-2024-48286 HIGH POC THREAT This Week

Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E3000 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
12.4%
CVE-2024-52803 PyPI CRITICAL POC PATCH Act Now

LLama Factory enables fine-tuning of large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection Llama Factory
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-48747 MEDIUM This Month

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-29224 CRITICAL Act Now

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2024-28892 Go CRITICAL Act Now

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2024-28027 HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
7.5%
CVE-2024-28026 HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
5.8%
CVE-2024-28025 HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
7.5%
CVE-2024-21786 HIGH POC THREAT This Week

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
10.5%
CVE-2024-7517 HIGH This Week

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 4.0
8.5
EPSS
0.6%
CVE-2024-11320 MEDIUM POC THREAT This Month

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
6.9
EPSS
91.2%
CVE-2024-51151 CRITICAL POC THREAT Act Now

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.7%
CVE-2024-33439 CRITICAL Act Now

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-52739 HIGH POC This Week

D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8400 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
9.1%
CVE-2024-29292 CRITICAL Act Now

Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-48895 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-51503 HIGH This Week

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro Deep Security Agent
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-11003 HIGH PATCH This Week

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Needrestart
NVD GitHub
CVSS 3.1
7.8
EPSS
11.5%
CVE-2024-52587 LOW Monitor

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
2.7
EPSS
2.7%
CVE-2024-9474 MEDIUM POC KEV THREAT This Month

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Paloalto Command Injection Pan Os
NVD GitHub
CVSS 4.0
6.9
EPSS
94.8%
CVE-2024-52434 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.10.29. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-45505 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Command Injection Hertzbeat
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-44759 HIGH This Week

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nus M9 Erp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-24431 HIGH POC This Week

A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Denial Of Service Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24426 Go HIGH This Week

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-10443 CRITICAL POC THREAT Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Synology Photos Beephotos
NVD
CVSS 3.1
9.8
EPSS
28.4%
CVE-2024-11120 CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Vs12 Firmware Gv Vs11 Firmware Gv Dsp Lpr Firmware Gvlx 4 Firmware
NVD
CVSS 3.1
9.8
EPSS
28.6%
CVE-2024-52308 Go CRITICAL PATCH Act Now

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cli
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-4343 CRITICAL POC PATCH Act Now

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Privategpt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-2552 MEDIUM This Month

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Paloalto Command Injection Pan Os
NVD
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-51027 MEDIUM This Month

Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
6.5
EPSS
6.8%
CVE-2024-50853 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-50852 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28729 CRITICAL Act Now

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE Dwr 2000M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28726 HIGH This Week

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
8.1%
CVE-2024-49042 HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft Azure Database For Postgresql Flexible Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-43613 HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft Azure Database For Postgresql Flexible Server
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-32118 MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-49026 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-52010 Go HIGH PATCH This Week

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.6
EPSS
1.4%
CVE-2024-11006 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-11005 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-11007 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-46890 CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Sinec Ins
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-45827 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-49560 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-49557 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-8881 MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-25255 CRITICAL Act Now

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-51186 HIGH POC This Week

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 820L Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-36061 CRITICAL Act Now

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ews356 Fit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-11066 HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-11065 HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-11064 HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-11063 HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-11062 HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-41992 HIGH This Week

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-11046 MEDIUM POC This Month

A vulnerability was found in D-Link DI-8003 16.07.16A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8003 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 27% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 27% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 29% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens500 Ac Firmware +1
NVD VulDB
EPSS 26% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.0.4. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salia Plcc Firmware
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Virtualenv
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL Act Now

An OS Command Injection vulnerability exists within myPRO Manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 64% CVSS 10.0
CRITICAL POC THREAT Emergency

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cam V3 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

An OS command injection vulnerability has been reported to affect several product versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 1% CVSS 9.5
CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 2% CVSS 8.7
HIGH This Week

An OS command injection vulnerability has been reported to affect Notes Station 3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Notes Station 3
NVD
EPSS 1% CVSS 8.0
HIGH This Week

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 19% CVSS 6.3
MEDIUM POC THREAT This Month

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex200 Firmware
NVD GitHub
EPSS 10% CVSS 8.0
HIGH POC THREAT This Week

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Ipc42C Firmware
NVD GitHub
EPSS 12% CVSS 8.0
HIGH POC THREAT This Week

Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E3000 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

LLama Factory enables fine-tuning of large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection Llama Factory
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL Act Now

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 6% CVSS 7.2
HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 11% CVSS 7.2
HIGH POC THREAT This Week

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 1% CVSS 8.5
HIGH This Week

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 91% CVSS 6.9
MEDIUM POC THREAT This Month

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
EPSS 30% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8200 Firmware
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 9% CVSS 8.0
HIGH POC This Week

D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8400 Firmware
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro +1
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Needrestart
NVD GitHub
EPSS 3% CVSS 2.7
LOW Monitor

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 95% CVSS 6.9
MEDIUM POC KEV THREAT This Month

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Paloalto Command Injection +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.10.29. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Command Injection Hertzbeat
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nus M9 Erp
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Denial Of Service Open5gs
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service
NVD GitHub
EPSS 28% CVSS 9.8
CRITICAL POC THREAT Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Synology +2
NVD
EPSS 29% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Vs12 Firmware Gv Vs11 Firmware +2
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cli
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Privategpt
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Paloalto Command Injection +1
NVD
EPSS 7% CVSS 6.5
MEDIUM This Month

Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 8% CVSS 8.0
HIGH This Week

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection RCE
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft +1
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +5
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Sinec Ins
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware +9
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ews356 Fit Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DI-8003 16.07.16A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8003 Firmware
NVD GitHub VulDB
Prev Page 34 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy