Export limit exceeded: 346616 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2025-04-16 | 8.8 High |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | ||||
| CVE-2022-2234 | 1 Myscada | 1 Mypro | 2025-04-16 | 9.9 Critical |
| An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | ||||
| CVE-2022-3086 | 1 Moxa | 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more | 2025-04-16 | 7.1 High |
| Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-32933 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 10 Critical |
| An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. | ||||
| CVE-2022-22744 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-16 | 8.8 High |
| The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | ||||
| CVE-2022-2143 | 1 Advantech | 1 Iview | 2025-04-16 | 9.8 Critical |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2024-0817 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-16 | 7.8 High |
| Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 | ||||
| CVE-2020-15685 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel Eus | 2025-04-16 | 8.8 High |
| During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | ||||
| CVE-2024-57228 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 8 High |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | ||||
| CVE-2024-57227 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 8 High |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | ||||
| CVE-2024-57226 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 8 High |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | ||||
| CVE-2022-31740 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||||
| CVE-2024-57225 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 9.8 Critical |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | ||||
| CVE-2024-57224 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 9.8 Critical |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | ||||
| CVE-2024-57223 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 9.8 Critical |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | ||||
| CVE-2024-57222 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | 6.3 Medium |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | ||||
| CVE-2022-26007 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 7.2 High |
| An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26042 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2022-29503 | 3 Anker, Uclibc, Uclibc-ng Project | 4 Eufy Homebase 2, Eufy Homebase 2 Firmware, Uclibc and 1 more | 2025-04-15 | 9.8 Critical |
| A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. | ||||