Total
1735 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46084 | 2024-10-04 | N/A | 8.0 HIGH | ||
| Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. | |||||
| CVE-2023-39809 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2024-10-03 | N/A | 9.8 CRITICAL |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. | |||||
| CVE-2024-46256 | 2024-10-03 | N/A | 9.8 CRITICAL | ||
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | |||||
| CVE-2024-7575 | 1 Telerik | 1 Ui For Wpf | 2024-10-03 | N/A | 9.8 CRITICAL |
| In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2024-8405 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-10-03 | N/A | 5.5 MEDIUM |
| An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712. | |||||
| CVE-2022-43781 | 1 Atlassian | 1 Bitbucket | 2024-10-02 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. | |||||
| CVE-2024-43693 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
| A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
| CVE-2024-7679 | 1 Telerik | 1 Ui For Wpf | 2024-10-01 | N/A | 7.8 HIGH |
| In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2024-45066 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
| A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
| CVE-2021-26731 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-09-30 | N/A | 9.8 CRITICAL |
| Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
| CVE-2024-47177 | 2024-09-30 | N/A | 9.0 CRITICAL | ||
| CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. | |||||
| CVE-2024-45989 | 2024-09-30 | N/A | 4.0 MEDIUM | ||
| Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server. | |||||
| CVE-2024-39577 | 2024-09-30 | N/A | 7.1 HIGH | ||
| Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution. | |||||
| CVE-2023-47563 | 1 Qnap | 1 Video Station | 2024-09-28 | N/A | 8.8 HIGH |
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later | |||||
| CVE-2024-42025 | 1 Ui | 1 Unifi Network Application | 2024-09-28 | N/A | 7.8 HIGH |
| A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | |||||
| CVE-2024-45682 | 1 Millbeck | 2 Proroute H685t-w, Proroute H685t-w Firmware | 2024-09-27 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | |||||
| CVE-2024-0005 | 1 Purestorage | 2 Purity\/\/fa, Purity\/\/fb | 2024-09-27 | N/A | 8.8 HIGH |
| A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | |||||
| CVE-2024-7897 | 1 Tosei-corporation | 1 Online Store Management System | 2024-09-27 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7896 | 1 Tosei-corporation | 1 Online Store Management System | 2024-09-27 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-22127 | 2024-09-26 | N/A | 9.1 CRITICAL | ||
| SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. | |||||