Vulnerabilities (CVE)

Filtered by CWE-77
Total 798 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3400 1 Paloaltonetworks 1 Pan-os 2024-11-29 N/A 10.0 CRITICAL
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
CVE-2024-37782 2024-11-27 N/A 9.8 CRITICAL
An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.
CVE-2024-33439 2024-11-27 N/A 9.1 CRITICAL
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.
CVE-2024-29292 2024-11-27 N/A 9.1 CRITICAL
Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters.
CVE-2024-11320 1 Pandorafms 1 Pandora Fms 2024-11-26 N/A 9.8 CRITICAL
Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4.
CVE-2024-28729 1 Dlink 2 Dwr-2000m, Dwr-2000m Firmware 2024-11-22 N/A 9.8 CRITICAL
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
CVE-2024-51151 1 Dlink 2 Di-8200, Di-8200 Firmware 2024-11-22 N/A 9.8 CRITICAL
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.
CVE-2024-4884 1 Progress 1 Whatsup Gold 2024-11-21 N/A 9.8 CRITICAL
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
CVE-2024-4883 1 Progress 1 Whatsup Gold 2024-11-21 N/A 9.8 CRITICAL
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve RCE as a service account through NmApi.exe.
CVE-2024-4078 2024-11-21 N/A 9.8 CRITICAL
A vulnerability in parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. Exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed.
CVE-2024-41319 1 Totolink 2 A6000r, A6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVE-2024-3871 2024-11-21 N/A 9.8 CRITICAL
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injection and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.
CVE-2024-39914 2024-11-21 N/A 9.8 CRITICAL
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.
CVE-2024-39028 1 Seacms 1 Seacms 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVE-2024-37091 1 Stylemixthemes 1 Consulting Elementor Widgets 2024-11-21 N/A 9.9 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVE-2024-34792 1 Dextaz Ping Project 1 Dextaz Ping 2024-11-21 N/A 9.1 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection. This issue affects Dextaz Ping: from n/a through 0.65.
CVE-2024-32766 2024-11-21 N/A 10.0 CRITICAL
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.
CVE-2024-32027 2024-11-21 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py`. This vulnerability is fixed in 23.1.5.
CVE-2024-32026 2024-11-21 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.
CVE-2024-32025 2024-11-21 N/A 9.1 CRITICAL
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.