Filtered by CWE-77
Filtered by vendor Subscriptions
Total 2355 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-24032 1 Zimbra 1 Collaboration 2024-12-18 7.8 High
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
CVE-2024-39703 2024-12-18 8.8 High
In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint.
CVE-2020-10826 1 Draytek 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more 2024-12-18 9.8 Critical
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
CVE-2024-10966 1 Totolink 2 X18, X18 Firmware 2024-12-17 6.3 Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-56087 2024-12-16 5.9 Medium
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-56086 2024-12-16 7.1 High
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
CVE-2024-56085 2024-12-16 5.9 Medium
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-29404 2024-12-13 7.8 High
An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component.
CVE-2023-28365 3 Linux, Ubiquiti, Ui 3 Linux Kernel, Unifi Network Application, Unifi Network Application 2024-12-12 9.1 Critical
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
CVE-2024-12350 2 Jfinalcms Project, Jwillber 2 Jfinalcms, Jfinalcms 2024-12-11 6.3 Medium
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12358 2 Datax-web Project, Weiye-jing 2 Datax-web, Datax-web 2024-12-11 6.3 Medium
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-55547 2024-12-10 N/A
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
CVE-2024-55544 2024-12-10 N/A
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
CVE-2024-22122 1 Zabbix 1 Zabbix 2024-12-10 3 Low
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
CVE-2023-36754 1 Siemens 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more 2024-12-10 9.1 Critical
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2024-53919 2024-12-10 7.6 High
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.
CVE-2024-53672 2024-12-06 4.7 Medium
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVE-2024-50388 1 Qnap 1 Hbs 3 2024-12-06 N/A
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later
CVE-2024-51114 1 Beijing Digital China Cloud Technology 1 Imcloud 2024-12-05 8.8 High
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file
CVE-2023-30260 1 Raspap 1 Raspap 2024-12-05 8.8 High
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.