Total
4938 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0848 | 1 Part-db Project | 1 Part-db | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | ||||
| CVE-2022-0841 | 1 Npm-lockfile Project | 1 Npm-lockfile | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | ||||
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2024-11-21 | 6.7 Medium |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | ||||
| CVE-2022-0557 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.2 High |
| OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2021-4281 | 1 Forthebadge | 1 For The Badge | 2024-11-21 | 4.6 Medium |
| A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-11-21 | 8.8 High |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | ||||
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | ||||
| CVE-2021-4029 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2024-11-21 | 8.8 High |
| A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | ||||
| CVE-2021-46704 | 1 Genieacs | 1 Genieacs | 2024-11-21 | 9.8 Critical |
| In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. | ||||
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 8.8 High |
| In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | ||||
| CVE-2021-46422 | 1 Telesquare | 2 Sdt-cs3b1, Sdt-cs3b1 Firmware | 2024-11-21 | 9.8 Critical |
| Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | ||||
| CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. | ||||
| CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | ||||
| CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | ||||
| CVE-2021-46007 | 1 Totolink | 2 Ar3100r, Ar3100r Firmware | 2024-11-21 | 9.8 Critical |
| totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. | ||||
| CVE-2021-45987 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 9.8 Critical |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. | ||||
| CVE-2021-45986 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 9.8 Critical |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. | ||||
| CVE-2021-45979 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 7.8 High |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. | ||||
| CVE-2021-45978 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 7.8 High |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. | ||||
| CVE-2021-45966 | 1 Pascom | 1 Cloud Phone System | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. | ||||