Total
2740 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35031 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | 8.8 High |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036. | ||||
| CVE-2023-35032 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | 8.8 High |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554. | ||||
| CVE-2023-35033 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | 8.8 High |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556. | ||||
| CVE-2023-27836 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2025-01-06 | 9.8 Critical |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. | ||||
| CVE-2023-26298 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | 8.8 High |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | ||||
| CVE-2023-26297 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | 8.8 High |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | ||||
| CVE-2023-26296 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | 8.8 High |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | ||||
| CVE-2023-26295 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | 9.8 Critical |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | ||||
| CVE-2023-26294 | 1 Hp | 1 Hp Device Manager | 2025-01-06 | 7.8 High |
| Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | ||||
| CVE-2022-38156 | 1 Kratosdefense | 2 Spectralnet Narrowband, Spectralnet Narrowband Firmware | 2025-01-03 | 7.2 High |
| A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user. | ||||
| CVE-2023-33625 | 1 Dlink | 2 Dir-600, Dir-600 Firmware | 2025-01-03 | 9.8 Critical |
| D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. | ||||
| CVE-2023-35035 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-03 | 8.8 High |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557. | ||||
| CVE-2023-34105 | 1 Ossrs | 1 Simple Realtime Server | 2025-01-03 | 7.5 High |
| SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots` endpoint containing any commands to be executed as part of the body of the POST request. This issue may lead to Remote Code Execution (RCE). Versions 5.0.157, 5.0-b1, and 6.0.48 contain a fix. | ||||
| CVE-2023-27837 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2025-01-03 | 9.8 Critical |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. | ||||
| CVE-2023-35390 | 2 Microsoft, Redhat | 5 .net, Visual Studio 2022, Enterprise Linux and 2 more | 2025-01-01 | 7.8 High |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2023-33136 | 1 Microsoft | 1 Azure Devops Server | 2025-01-01 | 8.8 High |
| Azure DevOps Server Remote Code Execution Vulnerability | ||||
| CVE-2023-21805 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 7.8 High |
| Windows MSHTML Platform Remote Code Execution Vulnerability | ||||
| CVE-2024-38228 | 1 Microsoft | 1 Sharepoint Server | 2024-12-31 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2024-38227 | 1 Microsoft | 1 Sharepoint Server | 2024-12-31 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2024-12985 | 2024-12-27 | 6.3 Medium | ||
| A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. This vulnerability affects unknown code of the file /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||