Total
794 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26822 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-02-11 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | |||||
| CVE-2024-22127 | 1 Sap | 1 Netweaver Application Server Java | 2025-02-07 | N/A | 9.1 CRITICAL |
| SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | |||||
| CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | |||||
| CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | |||||
| CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||||
| CVE-2022-46640 | 1 Nanoleaf | 1 Nanoleaf Desktop | 2025-02-06 | N/A | 9.8 CRITICAL |
| Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | |||||
| CVE-2024-23346 | 1 Materialsvirtuallab | 1 Pymatgen | 2025-02-05 | N/A | 9.3 CRITICAL |
| Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. | |||||
| CVE-2023-27848 | 1 Broccoli-compass Project | 1 Broccoli-compass | 2025-02-05 | N/A | 9.8 CRITICAL |
| broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-27849 | 1 Rails-routes-to-json Project | 1 Rails-routes-to-json | 2025-02-04 | N/A | 9.8 CRITICAL |
| rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-29566 | 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project | 2 Dawnsparks-node-tesseract, Huedawn-tesseract | 2025-02-04 | N/A | 9.8 CRITICAL |
| huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2024-57583 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | |||||
| CVE-2024-0740 | 1 Eclipse | 1 Target Management | 2025-02-03 | N/A | 9.8 CRITICAL |
| Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 | |||||
| CVE-2024-45824 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | N/A | 9.8 CRITICAL |
| CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | |||||
| CVE-2023-30135 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | |||||
| CVE-2023-30353 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | |||||
| CVE-2023-24540 | 1 Golang | 1 Go | 2025-01-24 | N/A | 9.8 CRITICAL |
| Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | |||||
| CVE-2023-31985 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | |||||
| CVE-2023-31983 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-01-24 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | |||||