Total
5072 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17888 | 1 Hoytech | 1 Antiweb | 2025-04-20 | N/A |
| cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | ||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2025-04-20 | N/A |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| CVE-2017-1318 | 1 Ibm | 1 Mq Appliance | 2025-04-20 | N/A |
| IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | ||||
| CVE-2022-48684 | 1 Logpoint | 2 Logpoint, Siem | 2025-04-18 | 8.4 High |
| An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user. | ||||
| CVE-2023-50651 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-04-17 | 9.8 Critical |
| TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | ||||
| CVE-2023-50094 | 1 Yogeshojha | 1 Rengine | 2025-04-17 | 8.8 High |
| reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. | ||||
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-04-17 | 7.8 High |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | ||||
| CVE-2022-24377 | 1 Cycle-import-check Project | 1 Cycle-import-check | 2025-04-17 | 7.4 High |
| The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. | ||||
| CVE-2023-52310 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-17 | 9.6 Critical |
| PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | ||||
| CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2025-04-17 | 8.8 High |
| The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | ||||
| CVE-2023-41288 | 1 Qnap | 1 Video Station | 2025-04-17 | 8.8 High |
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later | ||||
| CVE-2024-0296 | 1 Totolink | 2 N200re, N200re Firmware | 2025-04-17 | 7.3 High |
| A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-44456 | 1 Contec | 1 Conprosys Hmi System | 2025-04-17 | 9.8 Critical |
| CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | ||||
| CVE-2022-43466 | 1 Buffalo | 20 Wex-1800ax4, Wex-1800ax4 Firmware, Wex-1800ax4ea and 17 more | 2025-04-17 | 6.8 Medium |
| OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | ||||
| CVE-2022-43443 | 1 Buffalo | 22 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-2533dhp and 19 more | 2025-04-17 | 8 High |
| OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | ||||
| CVE-2022-45942 | 1 Baijiacms Project | 1 Baijiacms | 2025-04-17 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | ||||
| CVE-2022-40624 | 1 Pfsense | 1 Pfblockerng | 2025-04-17 | 9.8 Critical |
| pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | ||||
| CVE-2022-46538 | 1 Tenda | 2 F1203, F1203 Firmware | 2025-04-16 | 9.8 Critical |
| Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | ||||
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2025-04-16 | 8.8 High |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | ||||
| CVE-2022-2253 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2025-04-16 | 9.1 Critical |
| A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. | ||||