Skip to main content

Command Injection

7748 CVEs technique

Monthly

CVE-2024-48441 HIGH This Week

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-48440 HIGH This Week

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-48964 npm HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Snyk Cli
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-48963 npm HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Snyk Cli
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-20424 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-20275 MEDIUM This Month

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-47901 CRITICAL Act Now

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
10.0
EPSS
1.2%
CVE-2024-48904 CRITICAL Act Now

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro Cloud Edge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-45518 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS Command Injection Collaboration
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2024-41714 HIGH This Week

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Micollab Mivoice Business Solution Virtual Instance
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-41712 MEDIUM This Month

A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Micollab
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2024-40089 CRITICAL Act Now

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-35314 CRITICAL Act Now

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Micollab Mivoice Business Solution Virtual Instance
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-35285 CRITICAL Act Now

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Command Injection Micollab
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-48659 CRITICAL POC Act Now

An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Dcme 320 L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-10202 HIGH This Week

Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Administrative Management System
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-10193 MEDIUM POC THREAT This Month

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical.cgi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn530H4 Firmware Wn530Hg4 Firmware Wn572Hg3 Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
15.0%
CVE-2024-10119 CRITICAL Act Now

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrtm326 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-9264 Go CRITICAL POC PATCH THREAT Act Now

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Grafana
NVD
CVSS 4.0
9.4
EPSS
97.8%
CVE-2024-10118 CRITICAL Act Now

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-49281 MEDIUM This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Ninja Team Click to Chat - WP Support All-in-One Floating Widget support-chat allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48638 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-48637 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-48636 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-48635 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-48634 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
16.7%
CVE-2024-48633 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.0%
CVE-2024-48632 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.0%
CVE-2024-48631 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-48630 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-48629 HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-6333 HIGH This Week

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-20461 MEDIUM This Month

A vulnerability in the CLI&nbsp;of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-20459 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-20458 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-22033 MEDIUM This Month

The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
5.1
EPSS
0.9%
CVE-2024-49271 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization Elementor
NVD VulDB
CVSS 3.1
9.1
EPSS
2.8%
CVE-2024-48042 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.7.28. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD VulDB
CVSS 3.1
9.1
EPSS
1.9%
CVE-2024-9977 MEDIUM This Month

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
22.1%
CVE-2024-35520 MEDIUM This Month

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
9.1%
CVE-2024-35519 MEDIUM This Month

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex3700 Firmware Ex6100 Firmware Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-35518 MEDIUM This Month

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-48153 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41997 MEDIUM This Month

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Docker
NVD GitHub
CVSS 3.1
6.6
EPSS
1.2%
CVE-2024-9139 HIGH This Week

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
8.6
EPSS
1.4%
CVE-2024-9916 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Usualtoolcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
73.7%
CVE-2024-35522 HIGH POC This Week

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear Ex3700 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-35517 HIGH This Week

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Netgear Xr1000 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
14.1%
CVE-2024-44414 HIGH This Week

A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical.htm file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-44413 HIGH This Week

A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical.asp file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-39563 MEDIUM This Month

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos Space
NVD
CVSS 4.0
6.9
EPSS
1.3%
CVE-2024-8755 CRITICAL Act Now

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Loadmaster
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-9793 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
21.5%
CVE-2024-38817 MEDIUM This Month

VMware NSX contains a command injection vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection VMware
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-9464 CRITICAL Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
CVSS 4.0
9.3
EPSS
81.7%
CVE-2024-9463 CRITICAL POC KEV THREAT Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
CVSS 4.0
9.9
EPSS
98.4%
CVE-2024-46316 HIGH This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2024-7840 HIGH This Week

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-39438 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-39437 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-39436 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-45179 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection C Mor Video Surveillance
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2024-43601 HIGH PATCH This Week

Visual Studio Code for Linux Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-43591 CRITICAL PATCH Act Now

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Microsoft Azure Command Line Interface Azure Service Connector
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-43497 PyPI HIGH PATCH This Week

DeepSpeed Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Deepspeed
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-9380 HIGH KEV EUVD KEV THREAT This Week

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Endpoint Manager Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
63.0%
CVE-2024-45880 HIGH This Week

A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-47562 CRITICAL Act Now

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Sinec Security Monitor
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-8983 MEDIUM POC This Month

Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Command Injection Custom Twitter Feeds
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-21532 npm HIGH This Week

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Command Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-8926 HIGH POC This Week

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2024-45252 CRITICAL Act Now

Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-45251 CRITICAL Act Now

Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-9054 HIGH POC THREAT This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
15.0%
CVE-2024-46486 HIGH POC This Week

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection RCE Tl Wdr5620 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-6400 HIGH This Week

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Command Injection Finrota
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2024-46658 HIGH This Week

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.0
EPSS
23.7%
CVE-2024-41585 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3910 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-45519 CRITICAL POC KEV THREAT Act Now

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2024-9441 CRITICAL Act Now

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
53.5%
CVE-2024-20492 MEDIUM This Month

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Video Communication Server
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20444 MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Denial Of Service Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-20432 HIGH This Week

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-20365 HIGH This Week

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-46084 HIGH POC This Week

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-47608 MEDIUM This Month

Logicytics is designed to harvest and collect data for forensic analysis. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Logicytics
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-44610 MEDIUM POC This Month

PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
5.6
EPSS
1.0%
CVE-2024-9145 HIGH This Week

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-21531 npm MEDIUM This Month

All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-23961 MEDIUM This Month

Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Ilx F509 Firmware
NVD
CVSS 3.1
6.8
EPSS
1.0%
EPSS 2% CVSS 8.8
HIGH This Week

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Snyk Cli
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Snyk Cli
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Intermesh 7177 Hybrid 2 0 Subscriber +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro +1
NVD
EPSS 20% CVSS 8.8
HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +2
NVD
EPSS 1% CVSS 6.6
MEDIUM This Month

A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Vilo 5 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Command Injection Micollab
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Administrative Management System
NVD
EPSS 15% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical.cgi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn530H4 Firmware Wn530Hg4 Firmware +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrtm326 Firmware
NVD
EPSS 98% CVSS 9.4
CRITICAL POC PATCH THREAT Act Now

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Ninja Team Click to Chat - WP Support All-in-One Floating Widget support-chat allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection XSS
NVD VulDB
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 17% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 882 Firmware +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI&nbsp;of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware +1
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization Elementor
NVD VulDB
EPSS 2% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.7.28. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD VulDB
EPSS 22% CVSS 5.1
MEDIUM This Month

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 9% CVSS 6.8
MEDIUM This Month

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R7000 Firmware
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex3700 Firmware +2
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex6120 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM This Month

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +1
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 74% CVSS 6.9
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Usualtoolcms
NVD GitHub VulDB
EPSS 2% CVSS 7.2
HIGH POC This Week

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear Ex3700 Firmware
NVD GitHub
EPSS 14% CVSS 7.2
HIGH This Week

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Netgear Xr1000 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical.htm file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical.asp file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM This Month

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos Space
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Loadmaster
NVD
EPSS 21% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac1206 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 6.7
MEDIUM This Month

VMware NSX contains a command injection vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection VMware
NVD
EPSS 82% CVSS 9.3
CRITICAL Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
EPSS 98% CVSS 9.9
CRITICAL POC KEV THREAT Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
EPSS 1% CVSS 8.0
HIGH This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Telerik Reporting
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection C Mor Video Surveillance
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Code for Linux Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Visual Studio Code
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Microsoft Azure Command Line Interface +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

DeepSpeed Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Deepspeed
NVD
EPSS 63% CVSS 7.2
HIGH KEV EUVD KEV THREAT This Week

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +1
NVD
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Sinec Security Monitor
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Command Injection +1
NVD WPScan
EPSS 0% CVSS 7.3
HIGH This Week

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Command Injection
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Elsight - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 15% CVSS 8.5
HIGH POC THREAT This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Timeprovider 4100 Firmware
NVD Exploit-DB
EPSS 1% CVSS 8.0
HIGH POC This Week

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Command Injection +1
NVD VulDB
EPSS 24% CVSS 8.0
HIGH This Week

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3910 Firmware
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zimbra Collaboration Suite
NVD
EPSS 53% CVSS 9.8
CRITICAL Act Now

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Video Communication Server
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Denial Of Service +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nexus Dashboard Fabric Controller
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Scriptcase
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Logicytics is designed to harvest and collect data for forensic analysis. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Logicytics
NVD GitHub
EPSS 1% CVSS 5.6
MEDIUM POC This Month

PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection
NVD GitHub
EPSS 1% CVSS 7.1
HIGH This Week

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Ilx F509 Firmware
NVD
Prev Page 36 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy