CWE:
 

Topic
Date
Author
High
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
22.05.2024
h00die
Med.
Backdrop CMS 1.27.1 Remote Command Execution
20.05.2024
Ahmet Umit Bayram
High
PopojiCMS 2.0.1 Remote Command Execution
20.05.2024
Ahmet Umit Bayram
Med.
Zope 5.9 Command Injection
16.05.2024
Ilyase Dehy
High
htmlLawed 1.2.5 Remote Command Execution
05.05.2024
d4t4s3c
High
Kemp LoadMaster Unauthenticated Command Injection
01.05.2024
Dave Yesland
High
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
25.04.2024
Kr0ff
High
WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated)
21.04.2024
tmrswrr
Med.
Ray OS 2.6.3 Command Injection
14.04.2024
Fire_Wolf
High
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
11.04.2024
Georgios Tsimpidas
High
Circontrol Raption Buffer Overflow / Command Injection
30.03.2024
Dariusz Gonda
High
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
30.03.2024
Charles FOL
Med.
FoF Pretty Mail 1.1.2 Command Injection
30.03.2024
Chokri Hammedi
High
Sharepoint Dynamic Proxy Generator Remote Command Execution
27.03.2024
Jang
High
OpenNMS Horizon 31.0.7 Remote Command Execution
24.03.2024
Erik Wynter
High
SolarView Compact 6.00 Command Injection
20.03.2024
ByteHunter
High
Akaunting 3.1.3 Remote Command Execution
11.03.2024
u32i
High
elFinder Web file manager Version 2.1.53 Remote Command Execution
06.03.2024
tmrswrr
High
Easywall 0.3.1 Authenticated Remote Command Execution
03.03.2024
Melvin Mejia
High
Kafka UI 0.7.1 Command Injection
20.02.2024
h00die-gr3y
High
Typora 1.7.4 Command Injection
02.02.2024
Ahmet Umit Bayram
Med.
7 Sticky Notes 1.9 Command Injection
02.02.2024
Ahmet Umit Bayram
High
Mirth Connect 4.4.0 Remote Command Execution
01.02.2024
r00t
High
Cacti 1.2.24 Authenticated command injection when using SNMP options
29.01.2024
Antonio Francesco Sard...
Med.
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
26.01.2024
Valentin Lobstein
High
GL.iNet Unauthenticated Remote Command Execution
25.01.2024
h00die-gr3y
High
Vinchin Backup And Recovery Command Injection
24.12.2023
Valentin Lobstein
High
Atcom 2.7.x.x Command Injection
10.10.2023
Mohammed Adel
High
TOTOLINK Wireless Routers Remote Command Execution
24.09.2023
h00die-gr3y
High
Super Store Finder 3.7 Remote Command Execution
20.09.2023
Etharus
High
OpenTSDB 2.4.1 Unauthenticated Command Injection
10.09.2023
Erik Wynter
Med.
Wp2Fac 1.0 Command Injection
09.09.2023
Ahmet Umit Bayram
Med.
Chamilo 1.11.18 Command Injection
27.08.2023
RandoriSec
High
WordPress Plugin Forminator 1.24.6 Unauthenticated Remote Command Execution
24.08.2023
Mehmet Kelepçe
High
Greenshot 1.3.274 Deserialization / Command Execution
19.08.2023
bwatters-r7
High
Maltrail 0.53 Unauthenticated Command Injection
19.08.2023
Ege Balci
High
RaspAP 2.8.7 Unauthenticated Command Injection
16.08.2023
Ege Balci
High
Emagic Data Center Management Suite 6.0 Remote Command Execution
13.08.2023
thewhiteh4t
High
TP-Link Archer AX21 Command Injection
11.08.2023
Voyag3r
Low
Emagic Data Center Management Suite v6.0 OS Command Injection
08.08.2023
Shubham Pandey & thewh...
High
Eramba 3.19.1 Remote Command Execution
01.08.2023
Sergey Makarov
Med.
Western Digital MyCloud Unauthenticated Command Injection
30.07.2023
Remco Vermeulen
High
VMWare Aria Operations For Networks Remote Command Execution
26.07.2023
h00die
High
pfSense Restore RRD Data Command Injection
15.07.2023
Emir Polat
High
Spring Cloud 3.2.2 Remote Command Execution (RCE)
15.07.2023
GatoGamer1155, 0bfxgh0...
High
DaillyTools Remote Command Execution
11.07.2023
indoushka
Med.
OX App Suite SSRF / Resource Consumption / Command Injection
22.06.2023
Mehmet Ince
Med.
SystemK NVR 504/508/516 Command Injection
19.06.2023
Keniver Wang
High
Oracle Weblogic PreAuth Remote Command Execution
15.06.2023
Grant Willcox
Low
ManageEngine ADManager Plus Command Injection
06.06.2023
Grant Willcox
High
Seagate Central Storage 2015.0916 User Creation / Command Execution
27.05.2023
Ege Balci
High
Advantech EKI-15XX Series Command Injection / Buffer Overflow
13.05.2023
T. Weber
High
Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution
30.04.2023
Matteo Mandolini
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection
25.04.2023
Behnam Abasi Vanda
High
SPIP Remote Command Execution
18.04.2023
coiffeur
High
Altenergy Power Control Software C1.2.5 OS command injection
14.04.2023
Ahmed Alroky
Med.
Osprey Pump Controller 1.0.1 (eventFileSelected) Command Injection
10.04.2023
LiquidWorm
Med.
pdfkit v0.8.7.2 Command Injection
07.04.2023
UNICORD (NicPWNs & Dev...
High
WIMAX SWC-5100W Remote Command Execution
06.04.2023
Momen Eldawakhly
Med.
D-Link DIR-846 Remote Command Execution
05.04.2023
Francoa Taffarel
High
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Remote Command Execution (RCE)
03.04.2023
LiquidWorm
High
XCMS v1.83 Remote Command Execution (RCE)
02.04.2023
Onurcan
Med.
Linksys AX3200 V1.1.00 Command Injection
22.03.2023
Ahmed Alroky
High
Bitbucket Environment Variable Remote Command Injection
19.03.2023
Shelby Pace
High
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
08.03.2023
Systems Research Group
Med.
Barracuda CloudGen WAN OS Command Injection
06.03.2023
Stefan Viehbock
High
Osprey Pump Controller 1.0.1 pseudonym Command Injection
01.03.2023
LiquidWorm
Med.
Osprey Pump Controller 1.0.1 userName Command Injection
01.03.2023
LiquidWorm
Med.
Froxlor 2.0.6 Remote Command Execution
24.02.2023
Askar
High
Control Web Panel Unauthenticated Remote Command Execution
02.02.2023
Spencer McIntyre
Med.
Hikvision Remote Code Execution / XSS / SQL Injection
02.02.2023
Thurein Soe
High
Cacti 1.2.22 Command Injection
24.01.2023
mr_me
High
Ivanti Cloud Services Appliance (CSA) Command Injection
18.01.2023
h00die-gr3y
Med.
Linear eMerge E3-Series Access Controller Command Injection
05.01.2023
h00die-gr3y
High
4images 1.9 Remote Command Execution
27.12.2022
Andrey Stoykov
Med.
OpenTSDB 2.4.0 Command Injection
24.12.2022
Shai rod
Low
Delta Electronics DVW-W02W2-E2 2.42 Command Injection
09.12.2022
T. Weber
Med.
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
09.12.2022
T. Weber
Med.
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
01.12.2022
T. Weber
High
F5 BIG-IP iControl Remote Command Execution
26.11.2022
Ron Bowes
High
FLIR AX8 1.46.16 Remote Command Injection meta
02.11.2022
Samy Younsi
High
GLPI 10.0.2 Command Injection
26.10.2022
bwatters-r7
High
MiniDVBLinux 5.4 Remote Root Command Injection
17.10.2022
LiquidWorm
High
Bitbucket Git Command Injection
25.09.2022
Ron Bowes
High
Apache Spark Unauthenticated Command Injection
08.09.2022
Kostya Kortchinsky
High
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
06.09.2022
jbaines-r7
High
Teleport 9.3.6 Command Injection
23.08.2022
Brian Landrum
High
FLIX AX8 1.46.16 Remote Command Execution
20.08.2022
Samy Younsi
High
Advantech iView NetworkServlet Command Injection
20.08.2022
rgod
Med.
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
20.08.2022
Samy Younsi
Low
Webmin Package Updates Command Injection
14.08.2022
Christophe de la Fuent...
High
AirSpot 5410 0.3.4.1-4 Remote Command Injection
12.08.2022
Samy Younsi
High
MobileIron Log4Shell Remote Command Execution
03.08.2022
Spencer McIntyre
High
Roxy-WI Remote Command Execution
26.07.2022
Nuri Cilengir
High
Spryker Commerce OS Remote Command Execution
20.07.2022
David Brown
High
Sourcegraph gitserver sshCommand Remote Command Execution
15.07.2022
Spencer McIntyre
High
Zyxel Buffer Overflow / Format String / Command Injection
20.06.2022
Marco Ivaldi
High
Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass
07.06.2022
Johannes Kruchem
Med.
Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection
06.06.2022
Johannes Kruchem
Med.
Telesquare SDT-CW3B1 1.1.0 Command Injection
04.06.2022
Bryan Leong


CVEMAP Search Results

CVE
Details
Description
2024-05-23
Waiting for details
CVE-2024-30279

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
Waiting for details
CVE-2024-5241

A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. It has been classified as critical. Affected is an unknown function of the file /manager/ipconfig_new.php. The manipulation of the argument dev leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265992.

 
2024-05-16
Waiting for details
CVE-2024-3126

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utilizes 'subprocess.Popen' to execute a command constructed with a Python f-string, without adequately sanitizing the 'xtts_base_url' input. This flaw allows attackers to execute arbitrary commands remotely by manipulating the 'xtts_base_url' parameter. The vulnerability affects versions up to and including the latest version before 9.5. Successful exploitation could lead to arbitrary remote code execution (RCE) on the system where the application is deployed.

 
Waiting for details
CVE-2024-30307

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
Waiting for details
CVE-2024-30297

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
Waiting for details
CVE-2024-30296

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
Waiting for details
CVE-2024-30274

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 
Waiting for details
CVE-2024-4965

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

 
Waiting for details
CVE-2024-30314

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.

 
Waiting for details
CVE-2024-30292

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 

 


Copyright 2024, cxsecurity.com

 
