Total: 4346 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-43466 | 1 Buffalo | 20 Wex-1800ax4, Wex-1800ax4 Firmware, Wex-1800ax4ea and 17 more | 2025-04-17 | 6.8 Medium |
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | ||||
CVE-2025-3729 | | | 2025-04-17 | 7.3 High |
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2022-45942 | 1 Baijiacms Project | 1 Baijiacms | 2025-04-17 | 8.8 High |
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | ||||
CVE-2022-40624 | 1 Pfsense | 1 Pfblockerng | 2025-04-17 | 9.8 Critical |
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | ||||
CVE-2021-20035 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2025-04-17 | 6.5 Medium |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. | ||||
CVE-2022-46538 | 1 Tenda | 2 F1203, F1203 Firmware | 2025-04-16 | 9.8 Critical |
Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | ||||
CVE-2022-0999 | 1 Myscada | 1 Mypro | 2025-04-16 | 8.8 High |
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | ||||
CVE-2022-2253 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2025-04-16 | 9.1 Critical |
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. | ||||
CVE-2022-2234 | 1 Myscada | 1 Mypro | 2025-04-16 | 9.9 Critical |
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | ||||
CVE-2022-0365 | 1 Riconmobile | 4 S9922l, S9922l Firmware, S9922xl and 1 more | 2025-04-16 | 9.1 Critical |
The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | ||||
CVE-2022-21143 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2025-04-16 | 7.5 High |
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not properly sanitize user input in several locations, which may allow an attacker to inject arbitrary commands. | ||||
CVE-2021-27476 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2025-04-16 | 10 Critical |
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. | ||||
CVE-2021-32933 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 10 Critical |
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | ||||
CVE-2021-32974 | 1 Moxa | 8 Nport Iaw5150a-12i/o, Nport Iaw5150a-12i/o Firmware, Nport Iaw5150a-6i/o and 5 more | 2025-04-16 | 9.8 Critical |
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | ||||
CVE-2022-1357 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 9.8 Critical |
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code with the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. | ||||
CVE-2022-1356 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 7.1 High |
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. | ||||
CVE-2022-1359 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 5.7 Medium |
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplies path traversal characters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. | ||||
CVE-2022-1360 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 8.2 High |
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. | ||||
CVE-2022-1362 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 5 Medium |
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. | ||||
CVE-2022-25171 | 1 P4 Project | 1 P4 | 2025-04-16 | 7.4 High |
The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization. |