Total: 1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3273 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2023-1000 | | | 2024-06-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-4253 | | | 2024-06-04 | N/A | 7.5 HIGH |
| A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or secrets exfiltration. The issue affects versions up to and including '@gradio/video@0.6.12'. The flaw is present in the workflow's handling of GitHub context information, where it echoes the full name of the head repository, the head branch, and the workflow reference without adequate sanitization. This could potentially lead to the exfiltration of sensitive secrets such as 'GITHUB_TOKEN', 'COMMENT_TOKEN', and 'CHROMATIC_PROJECT_TOKEN'. | |||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2024-05-29 | N/A | 10.0 CRITICAL |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2024-5035 | | | 2024-05-29 | N/A | N/A |
| The affected device exposes a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, a remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges. This issue affects Archer C4500X: through 1_1.1.6. | |||||
| CVE-2023-36805 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-05-29 | N/A | 7.0 HIGH |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-33136 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 8.8 HIGH |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21805 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.8 HIGH |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2023-36415 | 1 Microsoft | 1 Azure Identity Sdk | 2024-05-29 | N/A | 8.8 HIGH |
| Azure Identity SDK Remote Code Execution Vulnerability | |||||
| CVE-2023-36414 | 1 Microsoft | 1 Azure Identity Sdk | 2024-05-29 | N/A | 8.8 HIGH |
| Azure Identity SDK Remote Code Execution Vulnerability | |||||
| CVE-2023-35390 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-05-29 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-21778 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | N/A | 8.0 HIGH |
| Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | |||||
| CVE-2024-20676 | 1 Microsoft | 1 Azure Storage Mover | 2024-05-29 | N/A | 8.0 HIGH |
| Azure Storage Mover Remote Code Execution Vulnerability | |||||
| CVE-2024-20667 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 7.5 HIGH |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||
| CVE-2024-4267 | | | 2024-05-24 | N/A | 8.4 HIGH |
| A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the 'open_file' function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection. | |||||
| CVE-2024-5023 | | | 2024-05-17 | N/A | N/A |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0. | |||||
| CVE-2024-1417 | | | 2024-05-17 | N/A | 7.8 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. | |||||
| CVE-2024-3009 | | | 2024-05-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2991 | | | 2024-05-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2982 | | | 2024-05-17 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
