Skip to main content

Command Injection

7748 CVEs technique

Monthly

CVE-2024-3995 LOW Monitor

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Rated low severity (CVSS 2.0). No vendor patch available.

Code Injection Command Injection RCE
NVD
CVSS 4.0
2.0
EPSS
0.6%
CVE-2024-39351 HIGH This Week

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-39209 MEDIUM This Month

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD GitHub
CVSS 3.1
6.3
EPSS
1.0%
CVE-2024-36073 HIGH This Week

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-4578 HIGH This Week

This Advisory describes an issue that impacts Arista Wireless Access Points. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-39373 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
1.2%
CVE-2024-37140 HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-5181 CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the mudler/localai version 2.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Localai
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2024-4884 CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2024-4883 CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
64.8%
CVE-2024-6257 Go HIGH PATCH This Week

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Hashicorp Command Injection Go Getter
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-4639 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4638 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Us Firmware Oncell G3470A Lte Us T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38903 MEDIUM POC This Month

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Magic R230 Firmware
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2024-38896 MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-38894 MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-37678 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Command Injection Finesoft
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-4748 HIGH This Week

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cruddiy
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-37091 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Consulting Elementor Widgets
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-24551 HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Bludit
NVD
CVSS 4.0
8.9
EPSS
0.8%
CVE-2024-24550 HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Bludit
NVD
CVSS 4.0
8.9
EPSS
0.7%
CVE-2024-6269 MEDIUM POC THREAT This Month

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
20.6%
CVE-2024-37626 HIGH POC This Week

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE A6000R Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-6187 MEDIUM POC This Month

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.6%
CVE-2024-6186 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.7%
CVE-2024-6185 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
9.1%
CVE-2024-6184 MEDIUM POC This Month

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
9.7%
CVE-2024-6048 CRITICAL Act Now

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6047 CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Dsp Lpr Firmware Gv Bx130 Firmware Gv Bx1500 Firmware Gv Cb220 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2024-37642 CRITICAL POC THREAT Act Now

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
11.4%
CVE-2024-31162 HIGH This Week

The specific function parameter of ASUS Download Master does not properly filter user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-27172 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
9.8
EPSS
26.8%
CVE-2024-4696 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Command Injection Lenovo
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36103 MEDIUM This Month

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-36360 CRITICAL Act Now

OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-35306 HIGH This Week

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. Rated high severity (CVSS 8.7). No vendor patch available.

PHP Command Injection Pandora Fms
NVD
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-35304 CRITICAL Act Now

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-5785 HIGH This Week

Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-4577 CRITICAL POC KEV THREAT Emergency

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection PHP Microsoft Fedora
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-37570 HIGH POC This Week

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 6869I Sip Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37569 HIGH POC This Week

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection 6869I Sip Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-5585 HIGH POC THREAT This Week

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-37385 CRITICAL PATCH Act Now

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Microsoft Webmail
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2359 CRITICAL POC Act Now

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lollms Web Ui
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-1881 CRITICAL PATCH Act Now

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-1880 HIGH POC PATCH This Week

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Command Injection RCE Autogpt Classic
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-0520 PyPI HIGH POC PATCH This Week

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Command Injection Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-3104 CRITICAL POC PATCH Act Now

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Denial Of Service Anythingllm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-30368 HIGH This Week

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Advanced Core Operating System
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-36394 CRITICAL Act Now

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sysaid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-36604 CRITICAL POC Act Now

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection O3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-34792 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.65. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dextaz Ping
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-5421 HIGH POC This Week

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.1.22 and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
3.7%
CVE-2024-4253 PyPI CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Gradio
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-29973 CRITICAL POC THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
86.1%
CVE-2024-29972 CRITICAL POC THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
89.2%
CVE-2024-36783 CRITICAL Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-32850 CRITICAL Act Now

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-2421 CRITICAL Act Now

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lenels2 Netbox
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-35401 MEDIUM This Month

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-34852 MEDIUM POC This Month

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
1.6%
CVE-2024-35397 HIGH Act Now

TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.0% and no vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
19.0%
CVE-2024-5411 HIGH POC THREAT This Week

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.01e and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iap 420 Firmware
NVD
CVSS 4.0
8.7
EPSS
23.4%
CVE-2024-28886 HIGH This Week

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2024-5035 HIGH This Week

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.8
EPSS
3.2%
CVE-2024-5403 HIGH This Week

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-5400 HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific CGI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5399 HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-5355 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aj Report
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
3.2%
CVE-2024-5340 MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 E20C Firmware Rg Uac 6000 E20M Firmware Rg Uac 6000 E50 Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
7.9%
CVE-2024-5339 MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
7.9%
CVE-2024-5338 MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
7.9%
CVE-2024-5337 MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
9.0%
CVE-2024-5336 MEDIUM This Month

A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
9.0%
CVE-2024-35374 PyPI CRITICAL POC PATCH Act Now

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Mocodo Online
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-35340 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1206 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2024-35339 CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda RCE Fh1206 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-5297 HIGH This Week

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2024-5295 HIGH This Week

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE G416 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-5291 HIGH This Week

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE Dir 2150 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2024-5227 HIGH This Week

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

TP-Link Command Injection RCE Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31843 MEDIUM POC This Month

An issue was discovered in Italtel Embrace 1.6.4. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Embrace
NVD
CVSS 3.1
4.1
EPSS
0.5%
CVE-2024-5241 MEDIUM This Month

A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
1.9%
CVE-2024-4267 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lollms Webui
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-5196 MEDIUM This Month

A vulnerability classified as critical has been found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
4.2%
CVE-2024-5195 MEDIUM This Month

A vulnerability was found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
4.2%
CVE-2024-5194 MEDIUM This Month

A vulnerability was found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.6%
CVE-2024-33529 HIGH POC PATCH This Week

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Ilias
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-0401 HIGH This Week

ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-36053 CRITICAL Act Now

In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
EPSS 1% CVSS 2.0
LOW Monitor

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Rated low severity (CVSS 2.0). No vendor patch available.

Code Injection Command Injection RCE
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Synology Bc500 Firmware +1
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 0% CVSS 8.4
HIGH This Week

This Advisory describes an issue that impacts Arista Wireless Access Points. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Markoni D Compact Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the mudler/localai version 2.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Localai
NVD GitHub
EPSS 24% CVSS 9.8
CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
EPSS 65% CVSS 9.8
CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Hashicorp Command Injection +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Eu Firmware +2
NVD
EPSS 0% CVSS 4.1
MEDIUM POC This Month

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Magic R230 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Command Injection +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cruddiy
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Consulting Elementor Widgets
NVD
EPSS 1% CVSS 8.9
HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD
EPSS 1% CVSS 8.9
HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD
EPSS 21% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE A6000R Firmware
NVD GitHub VulDB
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
EPSS 9% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
EPSS 9% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
EPSS 10% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 10% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Dsp Lpr Firmware Gv Bx130 Firmware +18
NVD
EPSS 11% CVSS 9.1
CRITICAL POC THREAT Act Now

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 814Dap Firmware
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

The specific function parameter of ASUS Download Master does not properly filter user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 27% CVSS 9.8
CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Command Injection Lenovo
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.7
HIGH This Week

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. Rated high severity (CVSS 8.7). No vendor patch available.

PHP Command Injection Pandora Fms
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection PHP +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 6869I Sip Firmware
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection 6869I Sip Firmware
NVD GitHub
EPSS 29% CVSS 8.8
HIGH POC THREAT This Week

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Microsoft Webmail
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lollms Web Ui
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Autogpt Classic
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Command Injection RCE +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Command Injection +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Denial Of Service +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Advanced Core Operating System
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sysaid
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection O3 Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.65. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dextaz Ping
NVD
EPSS 4% CVSS 8.7
HIGH POC This Week

Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.1.22 and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Gradio
NVD GitHub
EPSS 86% CVSS 9.8
CRITICAL POC THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nas326 Firmware +1
NVD
EPSS 89% CVSS 9.8
CRITICAL POC THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nas326 Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lenels2 Netbox
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
EPSS 2% CVSS 6.3
MEDIUM POC This Month

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD GitHub
EPSS 19% CVSS 8.8
HIGH Act Now

TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.0% and no vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
EPSS 23% CVSS 8.7
HIGH POC THREAT This Week

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.01e and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iap 420 Firmware
NVD
EPSS 1% CVSS 8.4
HIGH This Week

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific CGI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aj Report
NVD VulDB GitHub
EPSS 8% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 E20C Firmware +26
NVD GitHub VulDB
EPSS 8% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware +26
NVD GitHub VulDB
EPSS 8% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware +26
NVD GitHub VulDB
EPSS 9% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware +26
NVD GitHub VulDB
EPSS 9% CVSS 5.1
MEDIUM This Month

A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware +26
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD GitHub
EPSS 1% CVSS 8.6
HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1206 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

TP-Link Command Injection RCE +1
NVD
EPSS 1% CVSS 4.1
MEDIUM POC This Month

An issue was discovered in Italtel Embrace 1.6.4. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Embrace
NVD
EPSS 2% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD VulDB GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lollms Webui
NVD
EPSS 4% CVSS 5.1
MEDIUM This Month

A vulnerability classified as critical has been found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD VulDB GitHub
EPSS 4% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD GitHub VulDB
EPSS 4% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Arris VAP2500 08.50. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Vap2500 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Ilias
NVD
EPSS 1% CVSS 7.2
HIGH This Week

ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
Prev Page 40 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy