Total
2968 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5675 | 1 Embedthis | 1 Goahead | 2025-04-20 | N/A |
| A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. | ||||
| CVE-2017-8134 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | ||||
| CVE-2017-8197 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | N/A |
| FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands. | ||||
| CVE-2016-9683 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | N/A |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. | ||||
| CVE-2017-8133 | 1 Huawei | 1 Neteco | 2025-04-20 | N/A |
| Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted. | ||||
| CVE-2016-9554 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account. | ||||
| CVE-2017-8132 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | ||||
| CVE-2022-45796 | 1 Sharp | 316 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 313 more | 2025-04-17 | 9.1 Critical |
| Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2024-56087 | 1 Logpoint | 1 Siem | 2025-04-17 | 5.9 Medium |
| An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | ||||
| CVE-2024-56086 | 1 Logpoint | 1 Siem | 2025-04-17 | 7.1 High |
| An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution. | ||||
| CVE-2024-56085 | 1 Logpoint | 1 Siem | 2025-04-17 | 5.9 Medium |
| An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | ||||
| CVE-2022-46421 | 1 Apache | 1 Apache-airflow-providers-apache-hive | 2025-04-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. | ||||
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2025-04-16 | 8.8 High |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | ||||
| CVE-2022-2234 | 1 Myscada | 1 Mypro | 2025-04-16 | 9.9 Critical |
| An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | ||||
| CVE-2022-3086 | 1 Moxa | 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more | 2025-04-16 | 7.1 High |
| Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-32933 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 10 Critical |
| An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | ||||
| CVE-2022-22744 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-16 | 8.8 High |
| The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | ||||
| CVE-2022-2143 | 1 Advantech | 1 Iview | 2025-04-16 | 9.8 Critical |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2024-0817 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-16 | 7.8 High |
| Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 | ||||
| CVE-2020-15685 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel Eus | 2025-04-16 | 8.8 High |
| During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | ||||