Total
3873 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | |||||
| CVE-2022-0848 | 1 Part-db Project | 1 Part-db | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | |||||
| CVE-2022-0841 | 1 Npm-lockfile Project | 1 Npm-lockfile | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | |||||
| CVE-2022-0557 | 1 Microweber | 1 Microweber | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0365 | 1 Riconmobile | 4 S9922l, S9922l Firmware, S9922xl and 1 more | 2024-11-21 | 10.0 HIGH | 9.1 CRITICAL |
| The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | |||||
| CVE-2021-4281 | 1 Forthebadge | 1 For The Badge | 2024-11-21 | N/A | 4.6 MEDIUM |
| A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4242 | 1 Sapido | 8 Br270n, Br270n Firmware, Brc76n and 5 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592. | |||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | |||||
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
| CVE-2021-4029 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | |||||
| CVE-2021-46704 | 1 Genieacs | 1 Genieacs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. | |||||
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | |||||
| CVE-2021-46422 | 1 Telesquare | 2 Sdt-cs3b1, Sdt-cs3b1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | |||||
| CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. | |||||
| CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | |||||
| CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | |||||
| CVE-2021-46007 | 1 Totolink | 2 Ar3100r, Ar3100r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. | |||||
| CVE-2021-45987 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. | |||||
| CVE-2021-45986 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. | |||||
| CVE-2021-45979 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. | |||||