Total
2360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31702 | 1 Vmware | 1 Vrealize Network Insight | 2025-04-22 | N/A | 9.8 CRITICAL |
| vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. | |||||
| CVE-2022-44832 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | |||||
| CVE-2024-57536 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.0 HIGH |
| Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. | |||||
| CVE-2024-57539 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.2 HIGH |
| Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. | |||||
| CVE-2024-35241 | 2025-04-21 | N/A | 8.8 HIGH | ||
| Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. | |||||
| CVE-2025-3816 | 2025-04-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2016-9554 | 1 Sophos | 1 Web Appliance | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account. | |||||
| CVE-2017-13071 | 1 Qnap | 2 Qts, Video Station | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. | |||||
| CVE-2016-10098 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. | |||||
| CVE-2017-12277 | 1 Cisco | 6 Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall, Firepower 4140 Next-generation Firewall and 3 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. | |||||
| CVE-2014-4677 | 1 Gpgtools | 1 Libmacgpg | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | |||||
| CVE-2017-1352 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | 6.0 MEDIUM | 5.5 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. | |||||
| CVE-2016-6649 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. | |||||
| CVE-2017-2736 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack. | |||||
| CVE-2015-7841 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command." | |||||
| CVE-2013-7377 | 1 Codem-transcode Project | 1 Codem-transcode | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe. | |||||
| CVE-2017-12341 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072. | |||||
| CVE-2016-0396 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. | |||||
| CVE-2017-8135 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
| CVE-2017-4984 | 1 Emc | 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution. | |||||