Total: 789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-55461 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL | SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). |
| CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-03-26 | N/A | 9.8 CRITICAL | There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. |
| CVE-2021-31575 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. |
| CVE-2021-31574 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. |
| CVE-2021-31573 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. |
| CVE-2023-24276 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-25 | N/A | 9.8 CRITICAL | TOTOlink A7100RU (V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. |
| CVE-2023-24331 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL | Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter. |
| CVE-2022-43550 | 2 Jitsi, Microsoft | 2 Jitsi, Windows | 2025-03-25 | N/A | 9.8 CRITICAL | A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows, which could allow an attacker to insert an arbitrary URL, opening up the opportunity for remote execution. |
| CVE-2024-1355 | 1 Github | 1 Enterprise Server | 2025-03-24 | N/A | 9.1 CRITICAL | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. |
| CVE-2025-1497 | 1 Mljar | 1 Plotai | 2025-03-24 | N/A | 9.8 CRITICAL | A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI. Lack of validation of LLM-generated output allows an attacker to execute arbitrary Python code. The vendor commented out the vulnerable line; further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability. |
| CVE-2022-40022 | 1 Microchip | 2 Syncserver S650, Syncserver S650 Firmware | 2025-03-21 | N/A | 9.8 CRITICAL | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. |
| CVE-2023-24161 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. |
| CVE-2023-24160 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. |
| CVE-2023-24159 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-20 | N/A | 9.8 CRITICAL | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. |
| CVE-2024-9070 | | | 2025-03-20 | N/A | 9.8 CRITICAL | A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is greater than 1, leading to automatic deserialization and arbitrary code execution. |
| CVE-2024-10190 | | | 2025-03-20 | N/A | 9.8 CRITICAL | Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the `ElasticRendezvousHandler`, a subclass of `KVStoreHandler`. Specifically, the `_put_value` method in `ElasticRendezvousHandler` calls `codec.loads_base64(value)`, which eventually invokes `cloudpickle.loads(decoded)`. This allows an attacker to send a malicious pickle object via a PUT request, leading to arbitrary code execution on the server. |
| CVE-2024-27981 | | | 2025-03-18 | N/A | 9.8 CRITICAL | A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier). Mitigation: Update UniFi Network Application to Version 8.1.113 or later. |
| CVE-2023-24238 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-18 | N/A | 9.8 CRITICAL | TOTOlink A7100RU (V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. |
| CVE-2023-24236 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-18 | N/A | 9.8 CRITICAL | TOTOlink A7100RU (V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. |
| CVE-2022-40021 | 1 Qvidium | 2 Amino A140, Amino A140 Firmware | 2025-03-18 | N/A | 9.8 CRITICAL | QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. |