Total
2766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53899 | 2 Redhat, Virtualenv | 8 Enterprise Linux, Openshift Devspaces, Rhel Aus and 5 more | 2025-02-10 | 8.4 High |
| virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. | ||||
| CVE-2024-22127 | 1 Sap | 1 Netweaver Application Server Java | 2025-02-07 | 9.1 Critical |
| SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2023-30638 | 1 Atos | 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller | 2025-02-07 | 7.2 High |
| Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | ||||
| CVE-2023-29084 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-02-07 | 7.2 High |
| Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | ||||
| CVE-2024-34352 | 1 Fit2cloud | 1 1panel | 2025-02-07 | 6.5 Medium |
| 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts. | ||||
| CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | ||||
| CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | ||||
| CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | ||||
| CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | ||||
| CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | ||||
| CVE-2023-29799 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-06 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | ||||
| CVE-2023-30535 | 1 Snowflake | 1 Snowflake Jdbc | 2025-02-06 | 7.3 High |
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29. | ||||
| CVE-2022-37704 | 1 Zmanda | 1 Amanda | 2025-02-06 | 6.7 Medium |
| Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | ||||
| CVE-2019-14944 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 6.5 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. | ||||
| CVE-2022-46640 | 1 Nanoleaf | 1 Nanoleaf Desktop | 2025-02-06 | 9.8 Critical |
| Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | ||||
| CVE-2024-53615 | 2025-02-06 | 6.5 Medium | ||
| A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. | ||||
| CVE-2023-29855 | 1 Wbce | 1 Wbce Cms | 2025-02-06 | 7.2 High |
| WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | ||||
| CVE-2024-23346 | 1 Materialsvirtuallab | 1 Pymatgen | 2025-02-05 | 9.4 Critical |
| Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. | ||||
| CVE-2025-24150 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-02-05 | 8.8 High |
| A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. | ||||
| CVE-2023-27848 | 1 Broccoli-compass Project | 1 Broccoli-compass | 2025-02-05 | 9.8 Critical |
| broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | ||||