Skip to main content

Command Injection

7748 CVEs technique

Monthly

CVE-2024-23924 MEDIUM This Month

Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Ilx F509 Firmware
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-33368 HIGH This Week

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Rpshare
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-46257 MEDIUM POC PATCH This Month

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Command Injection RCE Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.1
6.3
EPSS
1.3%
CVE-2024-46256 CRITICAL POC PATCH Act Now

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Nginx Proxy Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-46628 CRITICAL POC THREAT Act Now

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
11.3%
CVE-2024-45989 MEDIUM This Month

Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-39577 HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-9166 CRITICAL POC Act Now

The device enables an unauthorized attacker to execute system commands with elevated privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.6%
CVE-2024-46330 HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vap11G 300 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-46329 HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vap11G 300 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-8405 MEDIUM This Month

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Denial Of Service Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44678 HIGH This Week

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-7679 HIGH This Week

In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Ui For Wpf
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-7575 CRITICAL Act Now

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ui For Wpf
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45066 CRITICAL Act Now

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-43693 CRITICAL Act Now

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-42507 CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42506 CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42505 CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-0005 HIGH This Week

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-45348 HIGH This Week

Xiaomi Router AX9000 has a post-authorization command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ax9000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9076 MEDIUM POC THREAT This Month

A vulnerability was found in DedeCMS up to 5.7.115. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Dedecms
NVD VulDB
CVSS 4.0
5.1
EPSS
20.8%
CVE-2024-47219 Go CRITICAL PATCH Act Now

An issue was discovered in vesoft NebulaGraph through 3.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Command Injection RCE Nebulagraph Database
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-9004 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
16.2%
CVE-2024-9001 MEDIUM POC This Month

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T10 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.0%
CVE-2024-47001 HIGH This Week

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-43778 HIGH This Week

OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-41929 HIGH This Week

Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8957 HIGH POC KEV THREAT This Week

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pt30X Sdi Firmware Pt30X Ndi Xx G2 Firmware
NVD
CVSS 3.1
7.2
EPSS
82.0%
CVE-2024-45682 CRITICAL Act Now

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Proroute H685T W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-42503 HIGH This Week

Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-42502 HIGH This Week

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-7387 Go CRITICAL Act Now

A flaw was found in openshift/builder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Path Traversal Docker
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-45698 CRITICAL Act Now

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-8869 LOW Monitor

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection A720R Firmware
NVD VulDB
CVSS 4.0
2.3
EPSS
1.7%
CVE-2024-8281 HIGH This Week

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-8280 HIGH This Week

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Denial Of Service
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-8279 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-8278 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-42025 HIGH This Week

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ubiquiti Unifi Network Application
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-46048 CRITICAL POC THREAT Act Now

Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh451 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.5%
CVE-2024-8640 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6658 MEDIUM This Month

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-45824 CRITICAL Act Now

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal XSS Command Injection Factorytalk View
NVD
CVSS 4.0
9.2
EPSS
1.3%
CVE-2024-8688 MEDIUM This Month

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 4.0
6.7
EPSS
0.2%
CVE-2024-8686 HIGH This Week

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 4.0
8.6
EPSS
1.4%
CVE-2024-44577 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-44574 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-44572 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-44570 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-20483 HIGH This Week

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Command Injection Docker Ios Xr
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-20398 HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44466 CRITICAL POC THREAT Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2024-6091 PyPI CRITICAL POC PATCH Act Now

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-8190 HIGH KEV EUVD KEV THREAT This Week

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
89.0%
CVE-2024-8504 HIGH POC THREAT Act Now

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
75.4%
CVE-2024-44667 HIGH This Week

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-38228 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2024-38227 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
8.2%
CVE-2024-33508 HIGH This Week

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Forticlient Enterprise Management Server
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2024-7699 HIGH This Week

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-43387 HIGH This Week

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43386 HIGH This Week

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-43385 HIGH This Week

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-42427 HIGH This Week

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Wyse Thinos
NVD
CVSS 3.1
7.6
EPSS
1.1%
CVE-2024-44072 MEDIUM This Month

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-6342 CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-44411 CRITICAL POC Act Now

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE D-Link Di 8300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2024-44410 CRITICAL POC Act Now

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-44335 HIGH This Week

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-44334 HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
31.8%
CVE-2024-44333 HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-8574 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-44845 HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-44844 HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-38641 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 4.0
7.3
EPSS
0.5%
CVE-2024-21906 MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2024-21903 MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2024-21898 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-8517 CRITICAL POC THREAT Emergency

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload Spip
NVD
CVSS 3.1
9.8
EPSS
94.6%
CVE-2024-44402 CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-44401 CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-38486 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-7591 HIGH POC PATCH THREAT This Week

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Loadmaster Multi Tenant Hypervisor Firmware
NVD
CVSS 3.1
7.2
EPSS
44.1%
CVE-2024-20469 MEDIUM This Month

A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-43405 Go HIGH PATCH This Week

Nuclei is a vulnerability scanner powered by YAML based templates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nuclei
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-43402 HIGH PATCH This Week

Rust is a programming language. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Microsoft Rust
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-44400 CRITICAL POC THREAT Act Now

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 8400 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2024-44383 MEDIUM POC This Month

WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fbm 291W Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-7261 CRITICAL Act Now

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nwa110Ax Firmware Nwa1123 Ac Pro Firmware Nwa1123Acv3 Firmware +26
NVD
CVSS 3.1
9.8
EPSS
11.3%
EPSS 1% CVSS 6.8
MEDIUM This Month

Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Ilx F509 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Rpshare
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Command Injection RCE +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Nginx Proxy Manager
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 2% CVSS 9.3
CRITICAL POC Act Now

The device enables an unauthorized attacker to execute system commands with elevated privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.4
HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vap11G 300 Firmware
NVD
EPSS 1% CVSS 8.0
HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vap11G 300 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Denial Of Service Microsoft +2
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Ui For Wpf
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ui For Wpf
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Purity Fa Purity Fb
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Xiaomi Router AX9000 has a post-authorization command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ax9000 Firmware
NVD
EPSS 21% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in DedeCMS up to 5.7.115. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Dedecms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in vesoft NebulaGraph through 3.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Command Injection RCE +1
NVD GitHub
EPSS 16% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection +1
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T10 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection
NVD
EPSS 82% CVSS 7.2
HIGH POC KEV THREAT This Week

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pt30X Sdi Firmware Pt30X Ndi Xx G2 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Proroute H685T W Firmware
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A flaw was found in openshift/builder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Path Traversal +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir X4860 Firmware
NVD
EPSS 2% CVSS 2.3
LOW Monitor

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection A720R Firmware
NVD VulDB
EPSS 1% CVSS 7.2
HIGH This Week

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Denial Of Service
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ubiquiti Unifi Network Application
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh451 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Command Injection
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
EPSS 1% CVSS 9.2
CRITICAL Act Now

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal XSS +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
EPSS 1% CVSS 8.8
HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Rely Pcie Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Command Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection +1
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
EPSS 89% CVSS 7.2
HIGH KEV EUVD KEV THREAT This Week

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +1
NVD
EPSS 75% CVSS 8.8
HIGH POC THREAT Act Now

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Information Disclosure
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +1
NVD
EPSS 8% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Forticlient Enterprise Management Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware +34
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware +34
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware +34
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware +34
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Wyse Thinos
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nas326 Firmware +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8300 Firmware
NVD GitHub
EPSS 12% CVSS 8.8
HIGH This Week

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
EPSS 32% CVSS 8.8
HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
EPSS 12% CVSS 8.8
HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Command Injection Qnap Qts +1
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts +1
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts +1
NVD
EPSS 95% CVSS 9.8
CRITICAL POC THREAT Emergency

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload Spip
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 44% CVSS 7.2
HIGH POC PATCH THREAT This Week

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Loadmaster Multi Tenant Hypervisor Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Nuclei is a vulnerability scanner powered by YAML based templates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nuclei
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Rust is a programming language. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Microsoft Rust
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 8400 Firmware
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC This Month

WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fbm 291W Firmware
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL Act Now

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nwa110Ax Firmware +28
NVD
Prev Page 37 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy