Total
3944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39402 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | N/A | 8.4 HIGH |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. | |||||
| CVE-2024-7728 | 2024-08-14 | N/A | 7.2 HIGH | ||
| The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server. | |||||
| CVE-2024-39091 | 1 Annke | 2 Crater 2, Crater 2 Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. | |||||
| CVE-2024-42742 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42743 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42737 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42747 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-6917 | 1 Veribase | 1 Order Management | 2024-08-13 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. | |||||
| CVE-2024-42736 | 2024-08-13 | N/A | 7.8 HIGH | ||
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42740 | 2024-08-13 | N/A | 6.8 MEDIUM | ||
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42745 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42748 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | N/A | 8.8 HIGH |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||||
| CVE-2024-42370 | 2024-08-12 | N/A | 8.3 HIGH | ||
| Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue. | |||||
| CVE-2024-23483 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 9.8 CRITICAL |
| An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | |||||
| CVE-2024-7580 | 1 Alientechnology | 2 Alr-f800, Alr-f800 Firmware | 2024-08-07 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-38882 | 2024-08-07 | N/A | 9.8 CRITICAL | ||
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. | |||||
| CVE-2024-7357 | 2024-08-07 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-7470 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2024-08-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7469 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2024-08-06 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273562 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||