Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-53286

Summary
Assigner-synology
Assigner Org ID-db201096-a0cc-46c7-9a55-61d9e221bf01
Published At-23 Jul, 2025 | 04:11
Updated At-23 Jul, 2025 | 15:14
Rejected At-
Credits

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:synology
Assigner Org ID:db201096-a0cc-46c7-9a55-61d9e221bf01
Published At:23 Jul, 2025 | 04:11
Updated At:23 Jul, 2025 | 15:14
Rejected At:
▼CVE Numbering Authority (CNA)

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

Affected Products
Vendor
Synology, Inc.Synology
Product
Synology Router Manager (SRM)
Default Status
affected
Versions
Affected
  • From 1.3 before 1.3.1-9346-11 (semver)

unknown

  • From 0 before 1.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_16
vendor-advisory
Hyperlink: https://www.synology.com/en-global/security/advisory/Synology_SA_24_16
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@synology.com
Published At:23 Jul, 2025 | 05:15
Updated At:29 Jul, 2025 | 19:34

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Synology, Inc.
synology
>>router_manager>>Versions from 1.3(inclusive) to 1.3.1-9346(exclusive)
cpe:2.3:o:synology:router_manager:*:*:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:-:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update1:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update10:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update2:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update3:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update4:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update5:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update6:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update7:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update8:*:*:*:*:*:*
Synology, Inc.
synology
>>router_manager>>1.3.1-9346
cpe:2.3:o:synology:router_manager:1.3.1-9346:update9:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarysecurity@synology.com
CWE ID: CWE-78
Type: Primary
Source: security@synology.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_16security@synology.com
Vendor Advisory
Hyperlink: https://www.synology.com/en-global/security/advisory/Synology_SA_24_16
Source: security@synology.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

727Records found

CVE-2026-49814
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.22% / 64.91%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:13
Updated-03 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-14092
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-14.68% / 96.25%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 16:02
Updated-24 Feb, 2026 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Edimax BR-6478AC V3 formDebugDiagnosticRun sub_416898 os command injection

A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Edimax Technology Company Ltd.
Product-br-6478ac_v3br-6478ac_v3_firmwareBR-6478AC V3
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-48163
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8||HIGH
EPSS-0.65% / 46.85%
||
7 Day CHG+0.20%
Published-12 Jun, 2026 | 17:34
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the rsync SST method. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.

Action-Not Available
Vendor-Red Hat, Inc.MariaDB Foundation
Product-mariadbserverRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Hardened Images
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-48165
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8||HIGH
EPSS-0.97% / 57.52%
||
7 Day CHG+0.52%
Published-12 Jun, 2026 | 17:35
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.

Action-Not Available
Vendor-Red Hat, Inc.MariaDB Foundation
Product-mariadbserverRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Hardened Images
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-49815
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.55%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:09
Updated-03 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37878
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.31% / 67.07%
||
7 Day CHG-0.01%
Published-20 Sep, 2022 | 19:58
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-11730
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-1.35% / 68.22%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 01:55
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and USG20(W)-VPN series firmware versions from V5.35 through V5.41 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device by supplying a specially crafted string as an argument to the CLI command.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ATP series firmwareUSG20(W)-VPN series firmwareUSG FLEX 50(W) series firmwareUSG FLEX series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37900
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.69% / 74.32%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 18:56
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-702470107205arubaos7220728070307008sd-wan72107240xm7005Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10239
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 26.84%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 12:42
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unintended command execution via troubleshooting scripts in Progress Flowmon

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes.

Action-Not Available
Vendor-Progress Software Corporation
Product-Flowmon
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11490
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.93% / 77.49%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 13:07
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.

Action-Not Available
Vendor-zevenetn/a
Product-zen_load_balancern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10985
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-21.11% / 97.27%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 14:20
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEndpoint Manager Mobile
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10775
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-20.02% / 97.12%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 01:02
Updated-07 Oct, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wavlink WL-NU516U1 login.cgi sub_4012A0 os command injection

A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-nu516u1_firmwarewl-nu516u1WL-NU516U1
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-38547
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-2.81% / 84.76%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg60_firmwarevpn100atp100_firmwareusg40_firmwareusg60w_firmwareatp100atp800_firmwareusg20-vpn_firmwarezywall_110usg_flex_200usg_flex_500_firmwareusg_flex_100w_firmwareusg_flex_100atp100watp100w_firmwarevpn300_firmwareusg_flex_200_firmwarevpn50_firmwareusg20-vpnusg40w_firmwareatp200atp700zywall_1100usg20w-vpnusg_flex_700vpn100_firmwarevpn300usg40wusg_flex_100wusg60watp700_firmwareatp500_firmwareusg40atp800zywall_310_firmwarevpn1000_firmwarevpn50usg_flex_100_firmwareusg60usg_flex_50_firmwarezywall_110_firmwarezywall_310atp500usg_flex_700_firmwarezywall_1100_firmwarevpn1000usg20w-vpn_firmwareusg_flex_500usg_flex_50atp200_firmwareVPN series firmwareUSG FLEX series firmwareZyWALL/USG series firmwareATP series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10243
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-21.11% / 97.27%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 14:17
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEndpoint Manager Mobile
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10242
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-21.11% / 97.27%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 14:14
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEndpoint Manager Mobile
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37882
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.34% / 67.92%
||
7 Day CHG+0.04%
Published-20 Sep, 2022 | 19:53
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-38535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.65% / 73.70%
||
7 Day CHG~0.00%
Published-15 Sep, 2022 | 17:58
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a720ra720r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37912
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.58% / 72.53%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:07
Updated-02 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-arubaossd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-0356
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-7.2||HIGH
EPSS-0.60% / 44.36%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 07:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network.

Action-Not Available
Vendor-NEC Corporation
Product-WX1500HPWX3600HP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37899
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.69% / 74.32%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 18:44
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-700872207240xm721070057205arubaos7280702470107030sd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-0528
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-5.81% / 92.24%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 14:31
Updated-28 May, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8/AC10/AC18 HTTP Request telnet command injection

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10_firmwareac18_firmwareac18ac10ac8_firmwareac8AC8AC18AC10
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9380
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-62.99% / 99.10%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:23
Updated-24 Oct, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-30||As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_cloud_services_applianceCSA (Cloud Services Appliance)endpoint_manager_cloud_services_applianceCloud Services Appliance (CSA)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9139
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-8.6||HIGH
EPSS-1.39% / 68.88%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 08:20
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in Restricted Command

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Action-Not Available
Vendor-Moxa Inc.
Product-EDR-810 SeriesEDR-G9010 SeriesEDR-G9004 SeriesTN-4900 SeriesNAT-102 SeriesEDF-G1002-BP SeriesEDR-8010 SeriesOnCell G4302-LTE4 Seriesoncell_g4302-lte4_firmwaretn-4900_firmwareedr-g9004_firmwareedr-8010_firmwarenat-102_firmwareedr-g9010_firmwareedr-810_firmwareedf-g1002-bp_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36962
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-7.2||HIGH
EPSS-9.01% / 94.64%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 20:46
Updated-25 Apr, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Platform Command Injection

SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-orion_platformSolarWinds PlatformOrion Platform
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-9200
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-1.13% / 62.56%
||
7 Day CHG+0.02%
Published-03 Dec, 2024 | 01:33
Updated-21 Jan, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg4005-b50bvmg4005-b50a_firmwarevmg4005-b60a_firmwarevmg4005-b50avmg4005-b50b_firmwareemg6726-b10avmg4927-b50avmg3927-b50bvmg4927-b50a_firmwarevmg3927-b50b_firmwarevmg4005-b60aemg6726-b10a_firmwareVMG4005-B50A firmwarevmg4005-b50a_firmwarevmg4927-b50a_firmwareemg6726-b10a_firmwarevmg4005-b50b_firmwarevmg3927-b50b_firmwarevmg4005-b60a_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9461
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-1.01% / 58.94%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 13:56
Updated-08 Apr, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

Action-Not Available
Vendor-BoldGrid (InMotion Hosting, Inc.)
Product-total_upkeepTotal Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGridtotal_upkeep
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8278
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.63%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8279
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.63%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8281
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.03% / 59.57%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7728
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.2||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 03:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAYIN Technology CMS - OS Command Injection

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

Action-Not Available
Vendor-CAYIN Technology Co.
Product-CMS-SE(22.04)CMS-SE(18.04)CMS-SEcms-secms-se\(22.04\)cms-se\(18.04\)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36381
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.2||HIGH
EPSS-1.46% / 70.39%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 07:03
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-nintendoNintendo Co., Ltd.
Product-wi-fi_network_adaptor_wap_001_firmwarewi-fi_network_adaptor_wap_001Nintendo Wi-Fi Network Adaptor WAP-001
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-35844
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.29% / 21.25%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-25 Oct, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortinet FortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34850
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.1||CRITICAL
EPSS-3.38% / 87.32%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 16:34
Updated-15 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-robustelRobustel
Product-r1510_firmwarer1510R1510
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8190
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.2||HIGH
EPSS-88.95% / 99.76%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 20:33
Updated-24 Oct, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-04||As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Action-Not Available
Vendor-Ivanti Software
Product-cloud_services_applianceCSA (Cloud Services Appliance)endpoint_manager_cloud_services_applianceCloud Services Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8280
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.2||HIGH
EPSS-1.03% / 59.57%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

Action-Not Available
Vendor-Lenovo Group Limited
Product-VX7531 Certified Node (ThinkAgile) XCCHX7820 Appliance (ThinkAgile) XCCSR250 V2 (ThinkSystem) XCCVX5530 Appliance (ThinkAgile) XCCHX2331 Certified Node (ThinkAgile) XCCSR650 (ThinkSystem) XCCVX3530-G Appliance (ThinkAgile) XCCHX5531 Certified Node (ThinkAgile) XCCHX5530 Appliance (ThinkAgile) XCCVX7320 N (ThinkAgile) XCCHX1321 Certified Node (ThinkAgile) XCCVX635 V3 Integrated System (ThinkAgile) XCCVX7330 Appliance (Thinkagile) XCCST250 V3 (ThinkSystem) XCCSR258 V2 (ThinkSystem) XCCSE455 V3 (ThinkEdge) XCCSR150 (ThinkSystem) XCCHX Enclosure Certified Node (ThinkAgile) XCCSR630 V3 (ThinkSystem) XCCSR665 V3 (ThinkSystem) XCCVX 1SE Certified Node (ThinkAgile) XCCSE360 V2 (ThinkEdge) XCCHX7530 Appl for SAP HANA (ThinkAgile) XCCSR250 V3 (ThinkSystem) XCCSD650-N V2 (ThinkSystem) XCCHX1521-R Certified Node (ThinkAgile) XCCSR650 V3 (ThinkSystem) XCCSR860 V3 (ThinkSystem) XCCVX3320 (ThinkAgile) XCCHX5520-C Appliance (ThinkAgile) XCCSN850 (ThinkSystem) XCCSR655 V3 (ThinkSystem) XCCSR850P (ThinkSystem) XCCSD665 V3 (ThinkSystem) XCCST550 (ThinkSystem) XCCHX5521 Certified Node (ThinkAgile) XCCST250 V2 (ThinkSystem) XCCSR570 (ThinkSystem) XCCHX3331 Node SAP HANA (ThinkAgile) XCCSR630 V2 (ThinkSystem) XCCHX3330 Appliance (ThinkAgile) XCCHX3376 Certified Node (ThinkAgile) XCCSD550 V3 (ThinkSystem) XCCSR850 V2 (ThinkSystem) XCCST258 V2 (ThinkSystem) XCCSR850 (ThinkSystem) XCCSR675 V3 (ThinkSystem) XCCMX3331-F All-flash Certified node (ThinkAgile) XCCHX7531 Certified Node (ThinkAgile) XCCVX 2U4N Certified Node (ThinkAgile) XCCVX645 V3 Certified Node (ThinkAgile) XCCSR258 V3 (ThinkSystem) XCCHX1021 Edge Certified Node 3yr (ThinkAgile) XCCSR650 V2 (ThinkSystem) XCCVX3520-G (ThinkAgile) XCCVX7820 (ThinkAgile) XCCHX7530 Appliance (ThinkAgile) XCCST250 (ThinkSystem) XCCSE450 (ThinkEdge) XCCSD650 V3 (ThinkSystem) XCCSD650 DWC Dual Node Tray (ThinkSystem) XCCP920 Rack Workstation (ThinkStation) XCCVX5520 (ThinkAgile) XCCSN550 (ThinkSystem) XCCSR645 V3 (ThinkSystem) XCCVX655 V3 Integrated System (ThinkAgile) XCCMX3330-H Hybrid Appliance (ThinkAgile) XCCHX3321 Certified Node (ThinkAgile) XCCHX5520 Appliance (ThinkAgile) XCCHX7531 Node SAP HANA (ThinkAgile) XCCVX645 V3 Integrated System (ThinkAgile) XCCHX5521-C Certified Node (ThinkAgile) XCCSR860 (ThinkSystem) XCCSE350 V2 (ThinkEdge) XCCVX665 V3 Certified Node (ThinkAgile) XCCSR665 (ThinkSystem) XCCVX655 V3 Certified Node (ThinkAgile) XCCST658 V3 (ThinkSystem) XCCHX1320 Appliance (ThinkAgile) XCCVX2320 (ThinkAgile) XCCMX3530 F All flash Appliance (ThinkAgile) XCCST258 (ThinkSystem) XCCSE350 (ThinkSystem) XCCST658 V2 (ThinkSystem) XCCSR530 (ThinkSystem) XCCHX7520 Appliance (ThinkAgile) XCCSD530 V3 (ThinkSystem) XCCVX3330 Appliance (ThinkAgile) XCCSR670 V2 (ThinkSystem) XCCSR860 V2 (ThinkSystem) XCCHX2720-E Appliance (ThinkAgile) XCCHX2330 Appliance (ThinkAgile) XCCMX Edge Appliance - MX1020 (ThinkAgile) XCCSD650 V2 (ThinkSystem) XCCSR850 V3 (ThinkSystem) XCCHX3375 Appliance (ThinkAgile) XCCST650 V2 (ThinkSystem) XCCST258 V3 (ThinkSystem) XCCSR670 (ThinkSystem) XCCHX1331 Certified Node (ThinkAgile) XCCVX2330 Appliance (ThinkAgile) XCCVX3720 (ThinkAgile) XCCSR158 (ThinkSystem) XCCHX3331 Certified Node (ThinkAgile) XCCSD530 (ThinkSystem) XCCMX3330-F All-flash Appliance (ThinkAgile) XCCHX1520-R Appliance (ThinkAgile) XCCSR950 V3 (ThinkSystem) XCCHX3320 Appliance (ThinkAgile) XCCSR550 (ThinkSystem) XCCSR950 (ThinkSystem) XCCSR635 V3 (ThinkSystem) XCCThinkAgile MX1021 on SE350 XCCSR250 (ThinkSystem) XCCVX665 V3 Integrated System (ThinkAgile) XCCHX2321 Certified Node (ThinkAgile) XCCHX3521-G Certified Node (ThinkAgile) XCCHX3520-G Appliance (ThinkAgile) XCCHX3720 Appliance (ThinkAgile) XCCHX3721 Certified Node (ThinkAgile) XCCVX 4U Certified Node (ThinkAgile) XCCSN550 V2 (ThinkSystem) XCCHX7521 Certified Node (ThinkAgile) XCCSR645 (ThinkSystem) XCCST650 V3 (ThinkSystem) XCCMX3331-H Hybrid Certified node (ThinkAgile) XCCMX3530-H Hybrid Appliance (ThinkAgile) XCCVX3331 Certified Node (ThinkAgile) XCCMX3531 H Hybrid Certified node (ThinkAgile) XCCSR590 (ThinkSystem) XCCHX2320-E Appliance (ThinkAgile) XCCVX1320 (ThinkAgile) XCCVX7530 Appliance (ThinkAgile) XCCMX3531-F All-flash Certified node (ThinkAgile) XCCVX7520 (ThinkAgile) XCCHX7821 Certified Node (ThinkAgile) XCCVX7520 N (ThinkAgile) XCCSR258 (ThinkSystem) XCCSR630 (ThinkSystem) XCCSD630 V2 (ThinkSystem) XCCthinkedge_se455_v3_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx1320_firmwarethinksystem_sr630_v3_firmwarethinksystem_sd530_v3_firmwarethinkagile_hx7820_firmwarethinksystem_sr635_v3_firmwarethinkedge_se350_v2_firmwarethinkagile_hx1021_edge_certified_node_3yr_firmwarethinksystem_sr850_v3_firmwarethinksystem_sr950_v3_firmwarethinkedge_se450__firmwarethinkagile_hx7530_firmwarethinksystem_st250_v3_firmwarethinksystem_st650_v3_firmwarethinkagile_hx_enclosure_certified_node_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34883
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.22% / 64.98%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 06:30
Updated-25 Feb, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Action-Not Available
Vendor-Microsoft CorporationDocker, Inc.Hitachi, Ltd.
Product-raid_manager_storage_replication_adapterdockerwindowsRAID Manager Storage Replication Adapter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1634
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-2.81% / 84.82%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:10
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_c125_m5ucs_s3260integrated_management_controller_supervisorucs-e1120d-m3ucs-e160s-m3ucs_c4200ucs-e140s-m2encs_5100ucs-e160d-m2encs_5400unified_computing_systemucs-e180d-m3ucs-e168d-m2Cisco Unified Computing System E-Series Software (UCSE)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7591
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-10||CRITICAL
EPSS-44.07% / 98.60%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 17:16
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

Action-Not Available
Vendor-KempProgress Software Corporation
Product-multi-tenant_hypervisor_firmwareloadmasterLoadMasterloadmaster_mtloadmaster
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-6333
Matching Score-4
Assigner-Xerox Corporation
ShareView Details
Matching Score-4
Assigner-Xerox Corporation
CVSS Score-7.2||HIGH
EPSS-1.21% / 64.83%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 13:51
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.

Action-Not Available
Vendor-Xerox Corporation
Product-AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807AltaLink®C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (Aug 2024)WorkCentre 7830/7835iWorkCentre EC7856AltaLink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (Aug 2023)WorkCentre EC7836VersaLink® B625 / C625 | B425 / C425 Common Criteria Certified (2024)Xerox® EC8036 / EC8056 - Common Criteria (June 2024)WorkCentre 7845/7855iWorkCentre 7220/7225iWorkCentre 5945/55iWorkCentre 7970/7970iXerox® EC8036 / EC8056 - Common Criteria (June 2022)WorkCentre 7845/7855 (IBG)WorkCentre 3655/3655iXerox® EC8036 / EC8056WorkCentre 6655/6655iworkcentre_firmwareversalink_firmwarexerox_firmwarealtalink_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1652
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-95.92% / 99.87%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 16:00
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv320_firmwarerv325_firmwarerv325rv320Cisco Small Business RV Series Router FirmwareSmall Business RV320 and RV325 Dual Gigabit WAN VPN Routers
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34447
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.66% / 73.75%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:48
Updated-26 Mar, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-6486
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-2.13% / 79.73%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-11 Jun, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection

The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code execution.

Action-Not Available
Vendor-orangelabUnknown
Product-imagemagick_engineImageMagick Engine
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-3226
Matching Score-4
Assigner-Sophos Limited
ShareView Details
Matching Score-4
Assigner-Sophos Limited
CVSS Score-7.2||HIGH
EPSS-1.75% / 75.06%
||
7 Day CHG~0.00%
Published-01 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.

Action-Not Available
Vendor-Sophos Ltd.
Product-xg_firewallxg_firewall_firmwareSophos Firewall
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5672
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-1.22% / 65.02%
||
7 Day CHG~0.00%
Published-03 Jul, 2024 | 12:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Red Lion Europe: mbNET.mini vulnerable to OS command injection

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.

Action-Not Available
Vendor-HelmholzRed Lion Europehelmholzredlion
Product-REX 100mbNET.minirex_100_firmwarembnet_mini
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37924
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.52% / 71.60%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 19:19
Updated-24 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-edgeconnect_enterpriseAruba EdgeConnect Enterprise Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-32752
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-1.36% / 68.39%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 02:57
Updated-12 Dec, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite VA command execution

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite VA
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.63% / 73.35%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:36
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-56137
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.77% / 51.19%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 14:26
Updated-01 Aug, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaxKB RCE vulnerability in function library

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0.

Action-Not Available
Vendor-maxkb1Panel (FIT2CLOUD Inc.)
Product-maxkbMaxKB
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-55904
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.62% / 45.52%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 03:23
Updated-18 Aug, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM DevOps Deploy / IBM UrbanCode Deploy command injection

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deploydevops_deployUrbanCode DeployDevOps Deploy
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-5336
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-9.05% / 94.66%
||
7 Day CHG~0.00%
Published-25 May, 2024 | 14:31
Updated-21 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruijie RG-UAC vlan_add_commit.php addVlan os command injection

A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266242 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-rg-uac_6000-x100_firmwarerg-uac_6000-e50mrg-uac_6000-sirg-uac_6000-ei_firmwarerg-uac_6000-isg02_firmwarerg-uac_6000-e10crg-uac_6000-x300d_firmwarerg-uac_6000-e50_firmwarerg-uac_6000-x20m_firmwarerg-uac_6000-e10rg-uac_6000-isg40rg-uac_6000-cc_firmwarerg-uac_6000-x20mrg-uac_6000-xs_firmwarerg-uac_6000-isg10rg-uac_6000-xsrg-uac_6000-earg-uac_6000-e50rg-uac_6000-x100srg-uac_6000-x60rg-uac_6000-u3210_firmwarerg-uac_6000-x60_firmwarerg-uac_6000-isg40_firmwarerg-uac_6000-e10c_firmwarerg-uac_6000-isg02rg-uac_6000-ea_firmwarerg-uac_6000-x100s_firmwarerg-uac_6000-u3210rg-uac_6000-x200rg-uac_6000-isg200rg-uac_6000-e50c_firmwarerg-uac_6000-e50crg-uac_6000-x20me_firmwarerg-uac_6000-e50m_firmwarerg-uac_6000-si_firmwarerg-uac_6000-u3100rg-uac_6000-e20mrg-uac_6000-u3100_firmwarerg-uac_6000-x20merg-uac_6000-e20m_firmwarerg-uac_6000-isg200_firmwarerg-uac_6000-x200_firmwarerg-uac_6000-e20rg-uac_6000-x100rg-uac_6000-e10_firmwarerg-uac_6000-e20crg-uac_6000-x20rg-uac_6000-x300drg-uac_6000-isg10_firmwarerg-uac_6000-x20_firmwarerg-uac_6000-ccrg-uac_6000-e20_firmwarerg-uac_6000-e20c_firmwarerg-uac_6000-eiRG-UAC
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found