Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-45488

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 May, 2025 | 00:00
Updated At-06 May, 2025 | 20:10
Rejected At-
Credits

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 May, 2025 | 00:00
Updated At:06 May, 2025 | 20:10
Rejected At:
▼CVE Numbering Authority (CNA)

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.pdf
N/A
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.py
N/A
Hyperlink: https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.pdf
Resource: N/A
Hyperlink: https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.py
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 May, 2025 | 16:15
Updated At:13 May, 2025 | 20:19

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches

Linksys Holdings, Inc.
linksys
>>e5600_firmware>>1.1.0.26
cpe:2.3:o:linksys:e5600_firmware:1.1.0.26:*:*:*:*:*:*:*
Linksys Holdings, Inc.
linksys
>>e5600>>-
cpe:2.3:h:linksys:e5600:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-77Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.pdfcve@mitre.org
Exploit
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.pycve@mitre.org
Product
Hyperlink: https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.pdf
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_mailex/CI_ddnsStatus_DynDNS_mailex.py
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

1202Records found

CVE-2026-9455
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.91% / 77.29%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 11:45
Updated-26 May, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-46404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.81% / 75.99%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

Action-Not Available
Vendor-atosn/a
Product-unify_openscape_4000_managerunify_openscape_4000_assistantn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-46640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.40% / 82.02%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 00:00
Updated-05 Jul, 2026 | 01:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request.

Action-Not Available
Vendor-nanoleafn/a
Product-nanoleaf_desktopn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-46421
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.22% / 86.69%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 10:20
Updated-16 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-apache-hiveApache Airflow Hive Provider
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28438
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.98%
||
7 Day CHG+0.02%
Published-25 Jul, 2022 | 14:05
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js

Action-Not Available
Vendor-deferred-exec_projectn/a
Product-deferred-execdeferred-exec
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-9457
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-2.09% / 79.39%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 12:15
Updated-26 May, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45462
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.77% / 84.59%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher

Action-Not Available
Vendor-The Apache Software Foundation
Product-dolphinschedulerApache DolphinScheduler
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-3871
Matching Score-4
Assigner-ONEKEY GmbH
ShareView Details
Matching Score-4
Assigner-ONEKEY GmbH
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 74.41%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 08:12
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DVW-W02W2-E2dvw-w02w2-e2_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-9458
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-2.09% / 79.39%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 12:30
Updated-28 May, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1000802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.81% / 97.24%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.openSUSEPython Software Foundation
Product-ubuntu_linuxdebian_linuxleappythonn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28434
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.4||CRITICAL
EPSS-1.09% / 61.33%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:26
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.

Action-Not Available
Vendor-gitblame_projectn/a
Product-gitblamegitblame
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-45063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.95% / 91.11%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 00:00
Updated-08 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

Action-Not Available
Vendor-invisible-islandn/aFedora Project
Product-xtermfedoran/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-44621
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 85.68%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 10:31
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kylin: Command injection by Diagnosis Controller

Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28443
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 61.98%
||
7 Day CHG+0.02%
Published-25 Jul, 2022 | 14:05
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.

Action-Not Available
Vendor-sonar-wrapper_projectn/a
Product-sonar-wrappersonar-wrapper
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28423
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.33%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:28
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package monorepo-build.

Action-Not Available
Vendor-monorepo-build_projectn/a
Product-monorepo-buildmonorepo-build
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.44% / 92.88%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 12:43
Updated-04 Aug, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-fusionn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28451
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-1.22% / 65.08%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:25
Updated-17 Sep, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects the package image-tiler before 2.0.2.

Action-Not Available
Vendor-image-tiler_projectn/a
Product-image-tilerimage-tiler
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28436
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.82% / 52.88%
||
7 Day CHG+0.02%
Published-25 Jul, 2022 | 14:09
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package google-cloudstorage-commands.

Action-Not Available
Vendor-google-cloudstorage-commands_projectn/a
Product-google-cloudstorage-commandsgoogle-cloudstorage-commands
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28425
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.77% / 51.14%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:27
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package curljs.

Action-Not Available
Vendor-curljs_projectn/a
Product-curljscurljs
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28435
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.4||CRITICAL
EPSS-1.11% / 61.98%
||
7 Day CHG+0.02%
Published-25 Jul, 2022 | 14:10
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.

Action-Not Available
Vendor-ffmpeg-sdk_projectn/a
Product-ffmpeg-sdkffmpeg-sdk
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-36604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 78.07%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 17:14
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-o3_firmwareo3n/ao3v2_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28453
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.4||CRITICAL
EPSS-1.09% / 61.33%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 13:25
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.

Action-Not Available
Vendor-npos-tesseract_projectn/a
Product-npos-tesseractnpos-tesseract
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-28446
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-3.40% / 87.38%
||
7 Day CHG+0.07%
Published-25 Jul, 2022 | 14:05
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.

Action-Not Available
Vendor-ntesseract_projectn/a
Product-ntesseractntesseract
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-9404
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.73% / 74.87%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 23:00
Updated-29 May, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi setDdnsCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.18% / 91.45%
||
7 Day CHG~0.00%
Published-27 Oct, 2022 | 00:00
Updated-12 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.

Action-Not Available
Vendor-ip-comn/a
Product-ew9_firmwareew9n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-37385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.48% / 70.74%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 03:24
Updated-06 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.

Action-Not Available
Vendor-n/aRoundcube Webmail ProjectMicrosoft Corporation
Product-webmailwindowsn/aroundcube_webmail
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-37782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 57.98%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.

Action-Not Available
Vendor-n/agladinet
Product-n/acentrestack
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-36783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.39% / 68.91%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 19:58
Updated-04 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-lr350_firmwarelr350n/alr350_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24276
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 77.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100ru_firmwarea7100run/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.11% / 79.53%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t8_firmwaret8n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-52042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.95% / 56.90%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 00:00
Updated-30 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x6000rx6000r_firmwaren/ax6000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-26300
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.41% / 69.35%
||
7 Day CHG-0.00%
Published-09 Sep, 2021 | 01:10
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command injection in systeminformation

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.

Action-Not Available
Vendor-systeminformationsebhildebrandt
Product-systeminformationsysteminformation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-2509
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-34.17% / 98.20%
||
7 Day CHG~0.00%
Published-17 Apr, 2021 | 03:50
Updated-27 Oct, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-02||Apply updates per vendor instructions.
Command Injection Vulnerability in QTS and QuTS hero

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsquts_heroQuTS heroQTSQNAP Network-Attached Storage (NAS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9385
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.73% / 74.86%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 13:45
Updated-27 May, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi setTracerouteCfg os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-22749
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.74% / 74.98%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:05
Updated-07 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Unauthenticated Command Injections in the PAPI Protocol

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-sd-wanarubaosAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-2507
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 85.92%
||
7 Day CHG+0.32%
Published-03 Feb, 2021 | 15:51
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
command injection vulnerability in Helpdesk

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-helpdeskHelpdesk
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9386
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.73% / 74.86%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 14:00
Updated-26 May, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-9406
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.73% / 74.86%
||
7 Day CHG~0.00%
Published-24 May, 2026 | 23:30
Updated-27 May, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-TOTOLINK
Product-A8000RU
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43550
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.79% / 75.75%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.

Action-Not Available
Vendor-jitsin/aMicrosoft Corporation
Product-jitsiwindowshttps://github.com/jitsi
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-4364
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-4.20% / 89.73%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-15 Oct, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Teledyne FLIR AX8 Web Service palette.php command injection

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

Action-Not Available
Vendor-flirTeledyne FLIR
Product-flir_ax8_firmwareflir_ax8AX8
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-3483
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-0.98% / 58.02%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 16:44
Updated-21 Jan, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

Action-Not Available
Vendor-Open Text CorporationMicro Focus International Limited
Product-imanageriManagerimanager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-34204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.90% / 77.18%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:33
Updated-09 Apr, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp450cp450_firmwaren/acp450_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-24634
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 78.92%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 01:22
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.

Action-Not Available
Vendor-n/aAruba Networks
Product-sd-wan9004-lte70057240xm90127008703072207010720570247280arubaos72109004Aruba 9000 GatewayAruba 7000 Series Mobility ControllersAruba 7200 Series Mobility Controllers
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-23583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.09% / 79.33%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 84.39%
||
7 Day CHG~0.00%
Published-24 May, 2024 | 20:29
Updated-10 Jun, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.

Action-Not Available
Vendor-mocodon/amocodo
Product-mocodo_onlinen/amocodo_online
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-35285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.29% / 66.67%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 00:00
Updated-07 Jul, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-micollabn/amicollab_nupoint_messanger
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-23584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-41.44% / 98.50%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-43109
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.74% / 88.51%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823g_firmwaredir-823gn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-34166
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-15.79% / 96.47%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-29155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.15%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 00:00
Updated-03 Oct, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint

Action-Not Available
Vendor-smartbearn/a
Product-swagger_petstoren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 24
  • 25
  • Next
Details not found