Total
5656 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2251 | 1 Gitlab | 1 Runner | 2025-04-08 | 4.8 Medium |
| Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. | ||||
| CVE-2024-30645 | 1 Tenda | 3 Ac15, Ac15 Firmware, Ac15v1.0 Firmware | 2025-04-08 | 8 High |
| Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | ||||
| CVE-2024-27521 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-04-08 | 8.0 High |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root"). | ||||
| CVE-2022-42279 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-04-07 | 7.2 High |
| NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | ||||
| CVE-2024-57023 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57024 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. | ||||
| CVE-2024-57025 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. | ||||
| CVE-2022-42289 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-04-07 | 7.2 High |
| NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | ||||
| CVE-2022-42290 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-04-07 | 7.2 High |
| NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | ||||
| CVE-2025-25579 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-07 | 9.8 Critical |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. | ||||
| CVE-2023-43892 | 1 Netis-systems | 2 N3m, N3m Firmware | 2025-04-04 | 9.8 Critical |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | ||||
| CVE-2022-29843 | 1 Westerndigital | 16 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 13 more | 2025-04-04 | 6.2 Medium |
| A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. | ||||
| CVE-2023-22279 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2025-04-04 | 9.8 Critical |
| MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2023-22304 | 1 Pixela | 2 Pix-rt100, Pix-rt100 Firmware | 2025-04-04 | 8 High |
| OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command. | ||||
| CVE-2023-22280 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2025-04-04 | 7.2 High |
| MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | ||||
| CVE-2022-47853 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-04 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | ||||
| CVE-2022-21191 | 1 Global-modules-path Project | 1 Global-modules-path | 2025-04-04 | 7.4 High |
| Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | ||||
| CVE-2024-34921 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 8.8 High |
| TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. | ||||
| CVE-2024-42740 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 6.8 Medium |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 7.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||