Skip to main content

Command Injection

7748 CVEs technique

Monthly

CVE-2024-7443 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ib8367A Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
2.7%
CVE-2024-7442 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd9364 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
2.7%
CVE-2024-7440 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cc8160 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
2.7%
CVE-2024-7436 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.htm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.8%
CVE-2024-38887 CRITICAL POC Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-42348 HIGH POC This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fogproject
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-38882 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection SQLi Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-33896 HIGH POC This Week

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ewon Cosy Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
4.0%
CVE-2024-7029 HIGH POC THREAT This Week

Commands can be injected over the network and executed without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Avm1203 Firmware
NVD
CVSS 4.0
8.7
EPSS
39.0%
CVE-2024-41956 Go HIGH PATCH This Week

Soft Serve is a self-hostable Git server for the command line. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-7357 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 600 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.7%
CVE-2024-39607 MEDIUM This Month

OS command injection vulnerability exists in ELECOM wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-34021 MEDIUM This Month

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection File Upload
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-40895 MEDIUM This Month

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-7215 MEDIUM POC This Month

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.3%
CVE-2024-7214 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.2%
CVE-2024-41637 PHP HIGH This Week

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
0.8%
CVE-2024-7181 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-5670 CRITICAL Act Now

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sn Os
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7175 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-7171 MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-7160 MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.0%
CVE-2024-7158 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3100R Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-42029 MEDIUM This Month

xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-41815 Cargo HIGH POC PATCH This Week

Starship is a cross-shell prompt. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Starship
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2024-38512 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-38511 HIGH This Week

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-38510 HIGH This Week

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-38508 HIGH This Week

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-7120 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD VulDB
CVSS 4.0
5.3
EPSS
93.4%
CVE-2024-41473 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.7%
CVE-2024-41468 CRITICAL Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2024-24623 HIGH This Week

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-24622 HIGH This Week

Softaculous Webuzo contains a command injection in the password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-38288 HIGH POC This Week

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Turbomeeting
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2024-41136 HIGH This Week

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-41135 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-41134 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-41133 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-39345 HIGH This Week

AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-31977 HIGH This Week

Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos 834 5 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-7066 MEDIUM POC This Month

A vulnerability was found in F-logic DataCube3 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
3.4%
CVE-2024-41319 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.5%
CVE-2024-39686 CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-39685 CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-41320 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-41318 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-41317 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.3%
CVE-2024-41316 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-41315 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.1%
CVE-2024-41314 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.1%
CVE-2024-37391 HIGH PATCH This Week

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Microsoft Protonvpn
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39906 HIGH This Week

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-39963 HIGH POC This Week

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ax9 Firmware Ax12 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-37066 HIGH POC This Week

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cam V4 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-34013 HIGH This Week

Local privilege escalation due to OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Privilege Escalation
NVD VulDB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-40641 Go HIGH POC PATCH This Week

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-36491 CRITICAL Act Now

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-36475 HIGH This Week

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-29737 Maven MEDIUM PATCH This Month

In streampark, the project module integrates Maven's compilation capabilities. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Streampark
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2024-38492 CRITICAL Act Now

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-30213 HIGH This Week

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-40110 CRITICAL POC Act Now

Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Poultry Farm Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-39914 CRITICAL POC PATCH THREAT Act Now

FOG is a cloning/imaging/rescue suite/inventory management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Fogproject
NVD GitHub
CVSS 3.1
9.8
EPSS
23.4%
CVE-2024-39524 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39523 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39522 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39521 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39520 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-3799 HIGH This Week

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which - when visited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
14.6%
CVE-2024-3798 HIGH This Week

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which - when visited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39571 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Server
NVD
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-39570 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Server
NVD
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-39569 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Client
NVD
CVSS 4.0
7.5
EPSS
1.0%
CVE-2024-39568 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Client
NVD
CVSS 4.0
8.5
EPSS
0.9%
CVE-2024-39567 HIGH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Sinema Remote Connect Client
NVD
CVSS 4.0
8.5
EPSS
0.9%
CVE-2024-28750 HIGH This Week

A remote attacker with high privileges may use a deleting file function to inject OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-28749 HIGH This Week

A remote attacker with high privileges may use a writing file function to inject OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-28748 HIGH This Week

A remote attacker with high privileges may use a reading file function to inject OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-4944 HIGH This Week

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Command Injection Microsoft Mobile Vpn With Ssl
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39202 HIGH POC This Week

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823X Ax3000 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-39028 CRITICAL POC Act Now

An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-38346 CRITICAL Act Now

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Cloudstack
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-39943 npm HIGH PATCH This Week

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Apple Command Injection Node.js Http File Server
NVD GitHub
CVSS 3.1
8.8
EPSS
48.5%
CVE-2024-39935 HIGH PATCH This Week

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-6507 HIGH This Week

Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-38471 MEDIUM This Month

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-32937 CRITICAL POC THREAT Act Now

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gxp2135 Firmware
NVD
CVSS 3.1
9.8
EPSS
26.3%
CVE-2024-5672 HIGH This Week

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-36983 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
1.0%
EPSS 3% CVSS 5.3
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ib8367A Firmware
NVD VulDB
EPSS 3% CVSS 5.3
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd9364 Firmware
NVD VulDB
EPSS 3% CVSS 5.3
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cc8160 Firmware
NVD VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.htm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Caterease
NVD VulDB
EPSS 1% CVSS 8.6
HIGH POC This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fogproject
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection SQLi Caterease
NVD VulDB
EPSS 4% CVSS 7.2
HIGH POC This Week

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ewon Cosy Firmware
NVD Exploit-DB
EPSS 39% CVSS 8.7
HIGH POC THREAT This Week

Commands can be injected over the network and executed without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Avm1203 Firmware
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Soft Serve is a self-hostable Git server for the command line. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 6% CVSS 5.3
MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 600 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

OS command injection vulnerability exists in ELECOM wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection File Upload
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200 Firmware
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.3
HIGH This Week

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sn Os
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3100R Firmware
NVD GitHub VulDB
EPSS 1% CVSS 6.3
MEDIUM This Month

xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

Starship is a cross-shell prompt. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Starship
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 93% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware +3
NVD VulDB
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Softaculous Webuzo contains a command injection in the password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Turbomeeting
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Edgeconnect Sd Wan Orchestrator
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
EPSS 1% CVSS 7.2
HIGH This Week

AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos 834 5 Firmware
NVD GitHub
EPSS 3% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in F-logic DataCube3 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD VulDB
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Microsoft Protonvpn
NVD GitHub
EPSS 1% CVSS 8.3
HIGH This Week

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 2% CVSS 8.0
HIGH POC This Week

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ax9 Firmware Ax12 Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cam V4 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation due to OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware +20
NVD
EPSS 1% CVSS 8.8
HIGH This Week

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware +20
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

In streampark, the project module integrates Maven's compilation capabilities. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Streampark
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD GitHub
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

FOG is a cloning/imaging/rescue suite/inventory management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Fogproject
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
EPSS 15% CVSS 8.7
HIGH This Week

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which - when visited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which - when visited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Command Injection
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Server
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Client
NVD
EPSS 1% CVSS 8.5
HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Sinema Remote Connect Client
NVD
EPSS 1% CVSS 8.5
HIGH This Week

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Sinema Remote Connect Client
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A remote attacker with high privileges may use a deleting file function to inject OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A remote attacker with high privileges may use a writing file function to inject OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A remote attacker with high privileges may use a reading file function to inject OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Command Injection +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823X Ax3000 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +1
NVD
EPSS 48% CVSS 8.8
HIGH PATCH This Week

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Apple Command Injection Node.js +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Nginx Nginx Proxy Manager
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection
NVD
EPSS 26% CVSS 9.8
CRITICAL POC THREAT Act Now

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gxp2135 Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Splunk +1
NVD
Prev Page 39 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy