Total
2291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24049 | 2025-03-11 | 8.4 High | ||
| Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-26627 | 2025-03-11 | 7 High | ||
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-26602 | 1 Asus | 1 Asmb8-ikvm Firmware | 2025-03-11 | 9.8 Critical |
| ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | ||||
| CVE-2022-48259 | 1 Huawei | 2 Bisheng-wnm, Bisheng-wnm Firmware | 2025-03-11 | 9.8 Critical |
| There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges. | ||||
| CVE-2022-48255 | 1 Huawei | 2 Bisheng-wnm, Bisheng-wnm Firmware | 2025-03-11 | 9.8 Critical |
| There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. | ||||
| CVE-2021-3855 | 1 Liman | 1 Port Mys | 2025-03-11 | 8.8 High |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462. | ||||
| CVE-2023-22767 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22766 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22747 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-11 | 9.8 Critical |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22765 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22764 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22763 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2025-03-11 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-23080 | 1 Tenda | 10 Cp3, Cp3 Firmware, Cp7 and 7 more | 2025-03-11 | 9.8 Critical |
| Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908. | ||||
| CVE-2021-4406 | 1 Osnexus | 1 Quantastor | 2025-03-11 | 9.1 Critical |
| An administrator is able to execute commands as root via the alerts management dialog | ||||
| CVE-2024-21878 | 1 Enphase | 3 Envoy, Iq Gateway, Iq Gateway Firmware | 2025-03-11 | 9.8 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched. | ||||
| CVE-2024-21880 | 1 Enphase | 3 Envoy, Iq Gateway, Iq Gateway Firmware | 2025-03-11 | 7.2 High |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x | ||||
| CVE-2024-21879 | 1 Enphase | 3 Envoy, Iq Gateway, Iq Gateway Firmware | 2025-03-11 | 8.8 High |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | ||||
| CVE-2025-26331 | 2025-03-11 | 7.8 High | ||
| Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | ||||
| CVE-2023-22496 | 1 Netdata | 1 Netdata | 2025-03-10 | 8.1 High |
| Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability. | ||||
| CVE-2021-39217 | 1 Openmage | 1 Magento | 2025-03-10 | 7.2 High |
| OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. | ||||