Total: 2155 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-32355 | 1 Totolink | 1 X5000r Firmware | 2024-11-21 | 8 High |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. | ||||
CVE-2024-32354 | 1 Totolink | 1 X5000r Firmware | 2024-11-21 | 6 Medium |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | ||||
CVE-2024-32353 | 1 Totolink | 1 X5000r | 2024-11-21 | 9.8 Critical |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | ||||
CVE-2024-32349 | 1 Totolink | 1 X5000r Firmware | 2024-11-21 | 6 Medium |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary. | ||||
CVE-2024-32314 | 1 Tenda | 1 Ac500 | 2024-11-21 | 3.8 Low |
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | ||||
CVE-2024-32292 | 1 Tenda | 1 W30e Firmware | 2024-11-21 | 8.8 High |
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | ||||
CVE-2024-32283 | 1 Tenda | 1 Fh1203 | 2024-11-21 | 7.3 High |
Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | ||||
CVE-2024-32282 | 1 Tenda | 1 Fh1202 Firmware | 2024-11-21 | 6.3 Medium |
Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | ||||
CVE-2024-32281 | 1 Tenda | 1 Ac7 Firmware | 2024-11-21 | 8.8 High |
Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | ||||
CVE-2024-32027 | | | 2024-11-21 | 9.1 Critical |
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py`. This vulnerability is fixed in 23.1.5. | ||||
CVE-2024-32026 | | | 2024-11-21 | 9.1 Critical |
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5. | ||||
CVE-2024-32025 | | | 2024-11-21 | 9.1 Critical |
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5. | ||||
CVE-2024-32022 | | | 2024-11-21 | 9.1 Critical |
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in `basic_caption_gui.py`. This vulnerability is fixed in 23.1.5. | ||||
CVE-2024-31811 | | | 2024-11-21 | 8.0 High |
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | ||||
CVE-2024-31485 | 1 Siemens | 2 Cpci85 Firmware, Sicore Base System | 2024-11-21 | 7.2 High |
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | ||||
CVE-2024-30891 | | | 2024-11-21 | 8.8 High |
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | ||||
CVE-2024-30850 | | | 2024-11-21 | 8.8 High |
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go. | ||||
CVE-2024-30637 | | | 2024-11-21 | 8.8 High |
Tenda F1202 v1.2.0.20(408) has a command injection vulnerability in the formWriteFacMac function in the mac parameter. | ||||
CVE-2024-30368 | 1 A10networks | 1 Advanced Core Operating System | 2024-11-21 | 8.8 High |
A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517. | ||||
CVE-2024-30213 | | | 2024-11-21 | 8.8 High |
StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. | ||||