ReportizFlow
Filtered by vendor
Subscriptions
Total
2450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | ||||
| CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | ||||
| CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | ||||
| CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | ||||
| CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | ||||
| CVE-2023-29799 | 1 Totolink | 2 X18, X18 Firmware | 2025-02-07 | 9.8 Critical |
| TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | ||||
| CVE-2023-30535 | 1 Snowflake | 1 Snowflake Jdbc | 2025-02-06 | 7.3 High |
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29. | ||||
| CVE-2022-37704 | 1 Zmanda | 1 Amanda | 2025-02-06 | 6.7 Medium |
| Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | ||||
| CVE-2019-14944 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 6.5 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. | ||||
| CVE-2022-46640 | 1 Nanoleaf | 1 Nanoleaf Desktop | 2025-02-06 | 9.8 Critical |
| Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | ||||
| CVE-2024-53615 | 2025-02-06 | 6.5 Medium | ||
| A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. | ||||
| CVE-2023-29855 | 1 Wbce | 1 Wbce Cms | 2025-02-06 | 7.2 High |
| WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | ||||
| CVE-2025-23239 | 2025-02-06 | 8.7 High | ||
| When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-23346 | 1 Materialsvirtuallab | 1 Pymatgen | 2025-02-06 | 9.4 Critical |
| Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. | ||||
| CVE-2025-24150 | 2 Apple, Redhat | 5 Ipados, Iphone Os, Macos and 2 more | 2025-02-05 | 8.8 High |
| A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. | ||||
| CVE-2023-27848 | 1 Broccoli-compass Project | 1 Broccoli-compass | 2025-02-05 | 9.8 Critical |
| broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | ||||
| CVE-2023-20865 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-02-05 | 7.2 High |
| VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | ||||
| CVE-2024-2352 | 1 Fit2cloud | 1 1panel | 2025-02-05 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304. | ||||
| CVE-2023-27849 | 1 Rails-routes-to-json Project | 1 Rails-routes-to-json | 2025-02-05 | 9.8 Critical |
| rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | ||||
| CVE-2023-29566 | 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project | 2 Dawnsparks-node-tesseract, Huedawn-tesseract | 2025-02-04 | 9.8 Critical |
| huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | ||||