Total
4354 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46304 | 1 Changingtec | 1 Servisign | 2025-04-10 | 8.8 High |
| ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service. | ||||
| CVE-2022-43538 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43537 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2024-51251 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. | ||||
| CVE-2024-51253 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. | ||||
| CVE-2024-45882 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.` | ||||
| CVE-2024-45884 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.` | ||||
| CVE-2024-45885 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.` | ||||
| CVE-2024-45887 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.` | ||||
| CVE-2024-45888 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.' | ||||
| CVE-2024-45889 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.` | ||||
| CVE-2024-45890 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.` | ||||
| CVE-2024-45891 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.` | ||||
| CVE-2024-45893 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.` | ||||
| CVE-2024-46316 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. | ||||
| CVE-2023-40504 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19953. | ||||
| CVE-2023-40505 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createThumbnailByMovie method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19978. | ||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2025-04-10 | 7.4 High |
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | ||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | 7.4 High |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | ||||