CWE:
 

Risk
Topic
Date
Author
High
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
25.04.2024
Kr0ff
High
WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated)
21.04.2024
tmrswrr
Med.
Ray OS 2.6.3 Command Injection
14.04.2024
Fire_Wolf
High
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
11.04.2024
Georgios Tsimpidas
High
Circontrol Raption Buffer Overflow / Command Injection
30.03.2024
Dariusz Gonda
High
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
30.03.2024
Charles FOL
Med.
FoF Pretty Mail 1.1.2 Command Injection
30.03.2024
Chokri Hammedi
High
Sharepoint Dynamic Proxy Generator Remote Command Execution
27.03.2024
Jang
High
OpenNMS Horizon 31.0.7 Remote Command Execution
24.03.2024
Erik Wynter
High
SolarView Compact 6.00 Command Injection
20.03.2024
ByteHunter
High
Akaunting 3.1.3 Remote Command Execution
11.03.2024
u32i
High
elFinder Web file manager Version 2.1.53 Remote Command Execution
06.03.2024
tmrswrr
High
Easywall 0.3.1 Authenticated Remote Command Execution
03.03.2024
Melvin Mejia
High
Kafka UI 0.7.1 Command Injection
20.02.2024
h00die-gr3y
High
Typora 1.7.4 Command Injection
02.02.2024
Ahmet Umit Bayram
Med.
7 Sticky Notes 1.9 Command Injection
02.02.2024
Ahmet Umit Bayram
High
Mirth Connect 4.4.0 Remote Command Execution
01.02.2024
r00t
High
Cacti 1.2.24 Authenticated command injection when using SNMP options
29.01.2024
Antonio Francesco Sard...
Med.
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
26.01.2024
Valentin Lobstein
High
GL.iNet Unauthenticated Remote Command Execution
25.01.2024
h00die-gr3y
High
Vinchin Backup And Recovery Command Injection
24.12.2023
Valentin Lobstein
High
Atcom 2.7.x.x Command Injection
10.10.2023
Mohammed Adel
High
TOTOLINK Wireless Routers Remote Command Execution
24.09.2023
h00die-gr3y
High
Super Store Finder 3.7 Remote Command Execution
20.09.2023
Etharus
High
OpenTSDB 2.4.1 Unauthenticated Command Injection
10.09.2023
Erik Wynter
Med.
Wp2Fac 1.0 Command Injection
09.09.2023
Ahmet Umit Bayram
Med.
Chamilo 1.11.18 Command Injection
27.08.2023
RandoriSec
High
WordPress Plugin Forminator 1.24.6 Unauthenticated Remote Command Execution
24.08.2023
Mehmet Kelepçe
High
Greenshot 1.3.274 Deserialization / Command Execution
19.08.2023
bwatters-r7
High
Maltrail 0.53 Unauthenticated Command Injection
19.08.2023
Ege Balci
High
RaspAP 2.8.7 Unauthenticated Command Injection
16.08.2023
Ege Balci
High
Emagic Data Center Management Suite 6.0 Remote Command Execution
13.08.2023
thewhiteh4t
High
TP-Link Archer AX21 Command Injection
11.08.2023
Voyag3r
Low
Emagic Data Center Management Suite v6.0 OS Command Injection
08.08.2023
Shubham Pandey & thewh...
High
Eramba 3.19.1 Remote Command Execution
01.08.2023
Sergey Makarov
Med.
Western Digital MyCloud Unauthenticated Command Injection
30.07.2023
Remco Vermeulen
High
VMWare Aria Operations For Networks Remote Command Execution
26.07.2023
h00die
High
pfSense Restore RRD Data Command Injection
15.07.2023
Emir Polat
High
Spring Cloud 3.2.2 Remote Command Execution (RCE)
15.07.2023
GatoGamer1155, 0bfxgh0...
High
DaillyTools Remote Command Execution
11.07.2023
indoushka
Med.
OX App Suite SSRF / Resource Consumption / Command Injection
22.06.2023
Mehmet Ince
Med.
SystemK NVR 504/508/516 Command Injection
19.06.2023
Keniver Wang
High
Oracle Weblogic PreAuth Remote Command Execution
15.06.2023
Grant Willcox
Low
ManageEngine ADManager Plus Command Injection
06.06.2023
Grant Willcox
High
Seagate Central Storage 2015.0916 User Creation / Command Execution
27.05.2023
Ege Balci
High
Advantech EKI-15XX Series Command Injection / Buffer Overflow
13.05.2023
T. Weber
High
Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution
30.04.2023
Matteo Mandolini
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection
25.04.2023
Behnam Abasi Vanda
High
SPIP Remote Command Execution
18.04.2023
coiffeur
High
Altenergy Power Control Software C1.2.5 OS command injection
14.04.2023
Ahmed Alroky
Med.
Osprey Pump Controller 1.0.1 (eventFileSelected) Command Injection
10.04.2023
LiquidWorm
Med.
pdfkit v0.8.7.2 Command Injection
07.04.2023
UNICORD (NicPWNs & Dev...
High
WIMAX SWC-5100W Remote Command Execution
06.04.2023
Momen Eldawakhly
Med.
D-Link DIR-846 Remote Command Execution
05.04.2023
Francoa Taffarel
High
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Remote Command Execution (RCE)
03.04.2023
LiquidWorm
High
XCMS v1.83 Remote Command Execution (RCE)
02.04.2023
Onurcan
Med.
Linksys AX3200 V1.1.00 Command Injection
22.03.2023
Ahmed Alroky
High
Bitbucket Environment Variable Remote Command Injection
19.03.2023
Shelby Pace
High
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
08.03.2023
Systems Research Group
Med.
Barracuda CloudGen WAN OS Command Injection
06.03.2023
Stefan Viehbock
High
Osprey Pump Controller 1.0.1 pseudonym Command Injection
01.03.2023
LiquidWorm
Med.
Osprey Pump Controller 1.0.1 userName Command Injection
01.03.2023
LiquidWorm
Med.
Froxlor 2.0.6 Remote Command Execution
24.02.2023
Askar
High
Control Web Panel Unauthenticated Remote Command Execution
02.02.2023
Spencer McIntyre
Med.
Hikvision Remote Code Execution / XSS / SQL Injection
02.02.2023
Thurein Soe
High
Cacti 1.2.22 Command Injection
24.01.2023
mr_me
High
Ivanti Cloud Services Appliance (CSA) Command Injection
18.01.2023
h00die-gr3y
Med.
Linear eMerge E3-Series Access Controller Command Injection
05.01.2023
h00die-gr3y
High
4images 1.9 Remote Command Execution
27.12.2022
Andrey Stoykov
Med.
OpenTSDB 2.4.0 Command Injection
24.12.2022
Shai rod
Low
Delta Electronics DVW-W02W2-E2 2.42 Command Injection
09.12.2022
T. Weber
Med.
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
09.12.2022
T. Weber
Med.
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
01.12.2022
T. Weber
High
F5 BIG-IP iControl Remote Command Execution
26.11.2022
Ron Bowes
High
FLIR AX8 1.46.16 Remote Command Injection meta
02.11.2022
Samy Younsi
High
GLPI 10.0.2 Command Injection
26.10.2022
bwatters-r7
High
MiniDVBLinux 5.4 Remote Root Command Injection
17.10.2022
LiquidWorm
High
Bitbucket Git Command Injection
25.09.2022
Ron Bowes
High
Apache Spark Unauthenticated Command Injection
08.09.2022
Kostya Kortchinsky
High
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
06.09.2022
jbaines-r7
High
Teleport 9.3.6 Command Injection
23.08.2022
Brian Landrum
High
FLIX AX8 1.46.16 Remote Command Execution
20.08.2022
Samy Younsi
High
Advantech iView NetworkServlet Command Injection
20.08.2022
rgod
Med.
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
20.08.2022
Samy Younsi
Low
Webmin Package Updates Command Injection
14.08.2022
Christophe de la Fuent...
High
AirSpot 5410 0.3.4.1-4 Remote Command Injection
12.08.2022
Samy Younsi
High
MobileIron Log4Shell Remote Command Execution
03.08.2022
Spencer McIntyre
High
Roxy-WI Remote Command Execution
26.07.2022
Nuri Cilengir
High
Spryker Commerce OS Remote Command Execution
20.07.2022
David Brown
High
Sourcegraph gitserver sshCommand Remote Command Execution
15.07.2022
Spencer McIntyre
High
Zyxel Buffer Overflow / Format String / Command Injection
20.06.2022
Marco Ivaldi
High
Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass
07.06.2022
Johannes Kruchem
Med.
Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection
06.06.2022
Johannes Kruchem
Med.
Telesquare SDT-CW3B1 1.1.0 Command Injection
04.06.2022
Bryan Leong
High
Zyxel USG FLEX 5.21 Command Injection
04.06.2022
Valentin Lobstein
High
iTop Remote Command Execution
24.05.2022
Markus Krell
High
SDT-CW3B1 1.1.0 Command Injection
17.05.2022
Ahmed Alroky
High
VMware Workspace ONE Access Template Injection / Command Execution
04.05.2022
mr_me
High
Tenda HG6 3.3.0 Remote Command Injection
03.05.2022
LiquidWorm
Med.
Zyxel NWA-1100-NH Command Injection
19.04.2022
Ahmed Alroky


CVEMAP Search Results

CVE
Details
Description
2024-04-26
CVE-2024-32766
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.

 
CVE-2024-27124
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.

 
2024-04-17
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
2024-04-16
CVE-2024-3880
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-04-15
CVE-2024-1655
Certain ASUS WiFi router models have an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.

 
2024-04-13
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

 
CVE-2024-3739
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability.

 
2024-04-11
CVE-2024-30272
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
2024-04-10
CVE-2024-22448
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

 
CVE-2024-2029
A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code.

 

 


Copyright 2024, cxsecurity.com

 
