Total
2376 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26297 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26298 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26294 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2025-25274 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 4.3 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | ||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2025-03-27 | 7.4 High |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | ||||
| CVE-2022-45095 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-27 | 6.7 Medium |
| Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion. | ||||
| CVE-2024-45348 | 1 Mi | 2 Ax9000, Ax9000 Firmware | 2025-03-27 | 6.4 Medium |
| Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. | ||||
| CVE-2024-27818 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-03-26 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-23247 | 1 Apple | 1 Macos | 2025-03-26 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-24146 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | ||||
| CVE-2023-24145 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | ||||
| CVE-2023-24144 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | ||||
| CVE-2023-24143 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | ||||
| CVE-2023-24142 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | ||||
| CVE-2023-24141 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | ||||
| CVE-2023-24140 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | ||||
| CVE-2023-24139 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | ||||
| CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-03-26 | 9.8 Critical |
| There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | ||||
| CVE-2023-0640 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2025-03-26 | 7.2 High |
| A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | ||||
| CVE-2023-22657 | 1 F5 | 2 F5os-a, F5os-c | 2025-03-26 | 7 High |
| On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||