Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-3566 |
|
Command Injection in node (CVE-2024-3566)
command injection in node (CVE-2024-3566). Successful exploitation can lead to full system takeover. Exploitable via ``cmd.exe``. Mitigation: upgrade to `18.19.0` or later.
|
| CVE-2024-24321 |
|
Command Injection in dlink (CVE-2024-24321)
command injection in dlink (CVE-2024-24321). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22900 |
|
Command Injection in vinchin (CVE-2024-22900)
command injection in vinchin (CVE-2024-22900). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22903 |
|
Command Injection in vinchin (CVE-2024-22903)
command injection in vinchin (CVE-2024-22903). Successful exploitation can lead to full system takeover.
|
| CVE-2024-21488 |
|
Command Injection in forkhq (CVE-2024-21488)
command injection in forkhq (CVE-2024-21488). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-24135 |
|
Command Injection in jensenofscandinavia (CVE-2023-24135)
command injection in jensenofscandinavia (CVE-2023-24135). Successful exploitation can lead to full system takeover.
|
| CVE-2024-21887 KEV |
|
[KEV] Command Injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887)
command injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-20017 KEV |
|
[KEV] Command Injection in D-link dsl-2750b-devices (CVE-2016-20017)
command injection in D-link dsl-2750b-devices (CVE-2016-20017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-50989 |
|
Command Injection in tenda (CVE-2023-50989)
command injection in tenda (CVE-2023-50989). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50983 |
|
Command Injection in tenda (CVE-2023-50983)
command injection in tenda (CVE-2023-50983). Successful exploitation can lead to full system takeover.
|
| CVE-2023-1671 KEV |
|
[KEV] Command Injection in Sophos web-appliance (CVE-2023-1671)
command injection in Sophos web-appliance (CVE-2023-1671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39637 |
|
Command Injection in dlink (CVE-2023-39637)
command injection in dlink (CVE-2023-39637). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39809 |
|
Command Injection in nvki (CVE-2023-39809)
command injection in nvki (CVE-2023-39809). Successful exploitation can lead to full system takeover.
|
| CVE-2023-37679 |
|
Command Injection in nextgen (CVE-2023-37679)
command injection in nextgen (CVE-2023-37679). Successful exploitation can lead to full system takeover.
|
| CVE-2023-34960 |
|
Command Injection in chamilo (CVE-2023-34960)
command injection in chamilo (CVE-2023-34960). Successful exploitation can lead to full system takeover.
|
| CVE-2023-20887 KEV |
|
[KEV] Command Injection in Vmware aria-operations-for-networks (CVE-2023-20887)
command injection in Vmware aria-operations-for-networks (CVE-2023-20887). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-33782 |
|
Command Injection in dlink (CVE-2023-33782)
command injection in dlink (CVE-2023-33782). Successful exploitation can lead to full system takeover.
|
| CVE-2023-31569 |
|
Command Injection in totolink (CVE-2023-31569)
command injection in totolink (CVE-2023-31569). Successful exploitation can lead to full system takeover.
|
| CVE-2023-33532 |
|
Command Injection in netgear (CVE-2023-33532)
command injection in netgear (CVE-2023-33532). Successful exploitation can lead to full system takeover.
|
| CVE-2023-33530 |
|
Command Injection in tenda (CVE-2023-33530)
command injection in tenda (CVE-2023-33530). Successful exploitation can lead to full system takeover.
|
| CVE-2023-31740 |
|
Command Injection in linksys (CVE-2023-31740)
command injection in linksys (CVE-2023-31740). Successful exploitation can lead to full system takeover.
|
| CVE-2023-31741 |
|
Command Injection in linksys (CVE-2023-31741)
command injection in linksys (CVE-2023-31741). Successful exploitation can lead to full system takeover.
|
| CVE-2023-31742 |
|
Command Injection in linksys (CVE-2023-31742)
command injection in linksys (CVE-2023-31742). Successful exploitation can lead to full system takeover.
|
| CVE-2023-31729 |
|
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
|
| CVE-2023-1389 KEV |
|
[KEV] Command Injection in Tp-link archer-ax21 (CVE-2023-1389)
command injection in Tp-link archer-ax21 (CVE-2023-1389). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-46640 |
|
Command Injection in nanoleaf (CVE-2022-46640)
command injection in nanoleaf (CVE-2022-46640). Successful exploitation can lead to full system takeover.
|
| CVE-2021-3855 |
|
Command Injection in liman (CVE-2021-3855)
command injection in liman (CVE-2021-3855). Successful exploitation can lead to full system takeover.
|
| CVE-2022-40765 KEV |
|
[KEV] Command Injection in Mitel mivoice-connect (CVE-2022-40765)
command injection in Mitel mivoice-connect (CVE-2022-40765). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-45701 |
|
Command Injection in commscope (CVE-2022-45701)
command injection in commscope (CVE-2022-45701). Successful exploitation can lead to full system takeover.
|
| CVE-2018-19949 KEV |
|
[KEV] Vulnerability in Qnap network-attached-storage-nas (CVE-2018-19949)
vulnerability in Qnap network-attached-storage-nas (CVE-2018-19949). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-6367 KEV |
|
[KEV] Command Injection in Cisco adaptive-security-appliance-asa (CVE-2016-6367)
command injection in Cisco adaptive-security-appliance-asa (CVE-2016-6367). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-43159 |
|
Command Injection in ruijienetworks (CVE-2021-43159)
command injection in ruijienetworks (CVE-2021-43159). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43160 |
|
Command Injection in ruijienetworks (CVE-2021-43160)
command injection in ruijienetworks (CVE-2021-43160). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43161 |
|
Command Injection in ruijienetworks (CVE-2021-43161)
command injection in ruijienetworks (CVE-2021-43161). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43163 |
|
Command Injection in ruijienetworks (CVE-2021-43163)
command injection in ruijienetworks (CVE-2021-43163). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43162 |
|
Command Injection in ruijienetworks (CVE-2021-43162)
command injection in ruijienetworks (CVE-2021-43162). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26826 |
|
Command Injection in microsoft (CVE-2022-26826)
command injection in microsoft (CVE-2022-26826). Successful exploitation can lead to full system takeover.
|
| CVE-2010-5330 KEV |
|
[KEV] Command Injection in Ubiquiti airos (CVE-2010-5330)
command injection in Ubiquiti airos (CVE-2010-5330). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-2509 KEV |
|
[KEV] Command Injection in qnap (CVE-2020-2509)
command injection in qnap (CVE-2020-2509). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-1555 KEV |
|
[KEV] Command Injection in Netgear wireless-access-point-wap-devices (CVE-2016-1555)
command injection in Netgear wireless-access-point-wap-devices (CVE-2016-1555). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44620 |
|
Command Injection in totolink (CVE-2021-44620)
command injection in totolink (CVE-2021-44620). Successful exploitation can lead to full system takeover.
|
| CVE-2015-2051 KEV |
|
[KEV] Command Injection in D-link dir-645-router (CVE-2015-2051)
command injection in D-link dir-645-router (CVE-2015-2051). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42638 |
|
Command Injection in printerlogic (CVE-2021-42638)
command injection in printerlogic (CVE-2021-42638). Successful exploitation can lead to full system takeover.
|
| CVE-2019-0541 KEV |
|
[KEV] Command Injection in Microsoft mshtml (CVE-2019-0541)
command injection in Microsoft mshtml (CVE-2019-0541). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22899 KEV |
|
[KEV] Command Injection in Ivanti pulse-connect-secure (CVE-2021-22899)
command injection in Ivanti pulse-connect-secure (CVE-2021-22899). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-15940 |
|
Command Injection in paloaltonetworks (CVE-2017-15940)
command injection in paloaltonetworks (CVE-2017-15940). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15889 |
|
Command Injection in synology (CVE-2017-15889)
command injection in synology (CVE-2017-15889). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12352 |
|
Command Injection in cisco (CVE-2017-12352)
command injection in cisco (CVE-2017-12352). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12329 |
|
Command Injection in cisco (CVE-2017-12329)
command injection in cisco (CVE-2017-12329). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12330 |
|
Command Injection in cisco (CVE-2017-12330)
command injection in cisco (CVE-2017-12330). Risk of unauthorized operations or information disclosure.
|