Skip to main content

Command Injection

7748 CVEs technique

Monthly

CVE-2024-7203 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42060 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42059 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42057 HIGH This Week

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-44916 HIGH POC This Week

Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Seacms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-8234 CRITICAL POC Act Now

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nwaw1100 N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.4%
CVE-2024-43804 HIGH POC This Week

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Command Injection Nginx Roxy Wi
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-42905 CRITICAL Act Now

Beijing Digital China Cloud Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
15.5%
CVE-2024-20289 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-8214 MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.2%
CVE-2024-8213 MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.2%
CVE-2024-8212 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.5%
CVE-2024-8211 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.4%
CVE-2024-8210 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.5%
CVE-2024-44342 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-44341 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-44340 HIGH POC This Week

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-41622 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-8073 CRITICAL Act Now

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.5R6-2.6.7 through 5.5R6-2.8.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Web Application Firewall
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-8134 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.9%
CVE-2024-8133 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.9%
CVE-2024-8132 MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
23.4%
CVE-2024-8131 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.2%
CVE-2024-8130 MEDIUM POC This Month

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.9%
CVE-2024-8129 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
22.9%
CVE-2024-8128 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.0%
CVE-2024-8127 MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.7%
CVE-2024-44382 CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-44381 CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42636 HIGH This Week

DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-8077 MEDIUM POC This Month

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.9%
CVE-2024-8075 MEDIUM This Month

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.9%
CVE-2024-7110 MEDIUM This Month

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7448 HIGH This Week

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Google Axiom
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2024-43027 HIGH POC This Week

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-43249 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection File Upload Bit Form
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-42633 HIGH POC This Week

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-7922 MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
19.5%
CVE-2024-7907 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.2%
CVE-2024-7897 MEDIUM This Month

A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Online Store Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.6%
CVE-2024-7896 MEDIUM This Month

A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Online Store Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.2%
CVE-2024-42634 CRITICAL POC Act Now

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-42757 CRITICAL Act Now

Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-42978 CRITICAL POC Act Now

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1206 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-42947 CRITICAL POC Act Now

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-7833 MEDIUM This Month

A vulnerability was found in D-Link DI-8100 16.07. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Di 8100 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.7%
CVE-2024-42360 Ruby CRITICAL PATCH Act Now

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Sequenceserver
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5914 HIGH This Week

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Cortex Xsoar Commonscripts
NVD
CVSS 4.0
7.0
EPSS
1.2%
CVE-2024-39402 PHP HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce Magento
NVD
CVSS 3.1
8.4
EPSS
1.5%
CVE-2024-39401 PHP HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce Magento
NVD
CVSS 3.1
8.4
EPSS
1.5%
CVE-2024-7728 HIGH This Week

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-42740 MEDIUM POC This Month

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.8%
CVE-2024-42739 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42738 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-42737 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42736 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2024-7715 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
25.1%
CVE-2024-42748 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42747 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-42745 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42744 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42743 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-42742 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42741 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-40893 MEDIUM This Month

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2024-7700 MEDIUM This Month

A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Foreman
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-42482 MEDIUM PATCH This Month

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Syntax Check
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-39091 HIGH This Week

An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Crater 2 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-6917 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.010.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Order Management
NVD VulDB
CVSS 4.0
10.0
EPSS
1.6%
CVE-2024-7616 MEDIUM This Month

A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ic 6220Dc Firmware Ic 5150W Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
4.7%
CVE-2024-42370 HIGH This Week

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-42167 HIGH POC This Week

The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Keyrock
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-42166 HIGH POC This Week

The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Keyrock
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-37023 CRITICAL Act Now

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Var1200 H Firmware Var1200 L Firmware Var600 H Firmware Vap11Ac Firmware +10
NVD
CVSS 4.0
9.4
EPSS
1.3%
CVE-2024-22122 CRITICAL Act Now

Zabbix allows to configure SMS notifications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zabbix
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-21880 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Iq Gateway Firmware
NVD
CVSS 4.0
8.6
EPSS
2.3%
CVE-2024-21879 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Iq Gateway Firmware
NVD
CVSS 4.0
8.7
EPSS
2.5%
CVE-2024-21878 CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Iq Gateway Firmware
NVD
CVSS 4.0
9.2
EPSS
1.4%
CVE-2024-3659 CRITICAL Act Now

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ar2140 Firmware
NVD
CVSS 4.0
10.0
EPSS
1.6%
CVE-2024-7580 MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Alr F800 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.9%
CVE-2024-7579 MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Alr F800 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.4%
CVE-2024-28739 HIGH POC THREAT This Week

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Koha
NVD
CVSS 3.1
7.2
EPSS
17.7%
CVE-2024-39228 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23483 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-7397 CRITICAL Act Now

Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2024-7470 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7469 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7468 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7467 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
23.4%
CVE-2024-7464 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
19.9%
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Seacms
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nwaw1100 N Firmware
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Command Injection +2
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL Act Now

Beijing Digital China Cloud Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware +19
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware +19
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware +19
NVD GitHub VulDB
EPSS 5% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware +19
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware +19
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.5R6-2.6.7 through 5.5R6-2.8.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Web Application Firewall
NVD
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 23% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 23% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware +19
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Dedecms
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Command Injection
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Google +1
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection File Upload Bit Form
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1500 Firmware
NVD GitHub
EPSS 19% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 120 Firmware +19
NVD GitHub VulDB
EPSS 6% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Online Store Management System
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Online Store Management System
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1206 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
EPSS 5% CVSS 5.3
MEDIUM This Month

A vulnerability was found in D-Link DI-8100 16.07. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Di 8100 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Sequenceserver
NVD GitHub
EPSS 1% CVSS 7.0
HIGH This Week

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Cortex Xsoar Commonscripts
NVD
EPSS 2% CVSS 8.4
HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection +2
NVD
EPSS 2% CVSS 8.4
HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 3% CVSS 6.8
MEDIUM POC This Month

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 25% CVSS 5.3
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM This Month

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Foreman
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Syntax Check
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Crater 2 Firmware
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.010.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Order Management
NVD VulDB
EPSS 5% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ic 6220Dc Firmware Ic 5150W Firmware
NVD VulDB
EPSS 1% CVSS 8.3
HIGH This Week

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Keyrock
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Keyrock
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Var1200 H Firmware Var1200 L Firmware +12
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Zabbix allows to configure SMS notifications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zabbix
NVD
EPSS 2% CVSS 8.6
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Iq Gateway Firmware
NVD
EPSS 2% CVSS 8.7
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Iq Gateway Firmware
NVD
EPSS 1% CVSS 9.2
CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Iq Gateway Firmware
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ar2140 Firmware
NVD
EPSS 9% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Alr F800 Firmware
NVD GitHub VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Alr F800 Firmware
NVD GitHub VulDB
EPSS 18% CVSS 7.2
HIGH POC THREAT This Week

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Koha
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mt6000 Firmware A1300 Firmware +26
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 25% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware +3
NVD GitHub VulDB
EPSS 25% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware +3
NVD GitHub VulDB
EPSS 25% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware +3
NVD GitHub VulDB
EPSS 23% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware +3
NVD GitHub VulDB
EPSS 20% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware
NVD GitHub VulDB
Prev Page 38 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy