Total
5100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57687 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 9.8 Critical |
| An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter. | ||||
| CVE-2025-25039 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-28 | 4.7 Medium |
| A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | ||||
| CVE-2024-54181 | 2 Ibm, Linux | 2 Websphere Automation, Linux Kernel | 2025-03-28 | 7.2 High |
| IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2025-03-28 | 9.8 Critical |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | ||||
| CVE-2022-48107 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2025-03-28 | 9.8 Critical |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | ||||
| CVE-2022-48072 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | 7.8 High |
| Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | ||||
| CVE-2022-48070 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | 7.8 High |
| Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | ||||
| CVE-2022-48069 | 1 Totolink | 2 A830r, A830r Firmware | 2025-03-28 | 7.5 High |
| Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | ||||
| CVE-2022-40969 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2025-03-27 | 8.8 High |
| An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2025-03-27 | 7.4 High |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | ||||
| CVE-2023-23076 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-03-27 | 9.8 Critical |
| OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | ||||
| CVE-2022-48624 | 2 Greenwoodsoftware, Redhat | 4 Less, Enterprise Linux, Logging and 1 more | 2025-03-27 | 7.8 High |
| close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | ||||
| CVE-2022-46552 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-03-27 | 8.8 High |
| D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | ||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2025-03-27 | 7.4 High |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | ||||
| CVE-2022-25906 | 1 Is-http2 Project | 1 Is-http2 | 2025-03-26 | 7.4 High |
| All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. | ||||
| CVE-2023-23692 | 1 Dell | 1 Emc Data Domain Os | 2025-03-26 | 8.8 High |
| Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | ||||
| CVE-2022-34447 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-26 | 7.2 High |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. | ||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | 7.4 High |
| All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
| CVE-2022-25853 | 1 Semver-tags Project | 1 Semver-tags | 2025-03-25 | 7.4 High |
| All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | ||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-25 | 9.8 Critical |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||