High
CVE-2024-2662
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficie…
Tag: Command Injection
All CVEs associated with "Command Injection". Page 23/48 • 5730 CVEs.
Subscribe CVEs: RSS for “Command Injection” · RSS (High+Critical only)
About “Command Injection”
A curated feed of “Command Injection”-related CVEs appears below. We currently track 5730 CVEs for this tag (all time). In the last 365 days, 1683 were published. Average CVSS is 8.2 (all time; 7.8 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-05-14
Critical
CVE-2024-29895
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the…
2024-05-07
High
CVE-2022-43654
NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S ro…
High
CVE-2024-4582
A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_s…
2024-05-06
High
CVE-2024-33112
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.
High
CVE-2024-33788
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.
Medium
CVE-2024-4510
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.…
Medium
CVE-2024-4509
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.ph…
Medium
CVE-2024-4508
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The m…
Medium
CVE-2024-4507
A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The…
2024-05-05
Medium
CVE-2024-4506
A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipul…
Medium
CVE-2024-4505
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240428. This affects an unknown part of the file /view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of…
Medium
CVE-2024-4504
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240428. Affected by this issue is some unknown functionality of the file /view/HAconfig/baseConfig/commit.ph…
Medium
CVE-2024-4503
A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240428. Affected by this vulnerability is an unknown functionality of the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php. T…
Medium
CVE-2024-4502
A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of th…
Medium
CVE-2024-4501
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulatio…
2024-05-03
Critical
CVE-2024-33789
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint.
High
CVE-2024-34073
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.versi…
High
CVE-2023-51625
D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected instal…
High
CVE-2023-51585
Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of V…
High
CVE-2023-50217
D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 r…
High
CVE-2023-50216
D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o…
High
CVE-2023-50215
D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
High
CVE-2023-50214
D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o…
High
CVE-2023-50213
D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-…
High
CVE-2023-50207
D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G4…
High
CVE-2023-50206
D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-…
High
CVE-2023-50205
D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G41…
High
CVE-2023-50204
D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G…
High
CVE-2023-50203
D-Link G416 nodered chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G41…
High
CVE-2023-50202
D-Link G416 flupl pythonmodules Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Li…
High
CVE-2023-50201
D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G41…
High
CVE-2023-50200
D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G…
High
CVE-2023-50198
D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wire…
Medium
CVE-2023-47220
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.…
High
CVE-2023-44427
D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affecte…
High
CVE-2023-44426
D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected…
High
CVE-2023-44425
D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst…
High
CVE-2023-44424
D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installa…
High
CVE-2023-44423
D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins…
High
CVE-2023-44422
D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected instal…
High
CVE-2023-44421
D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins…
Medium
CVE-2023-44416
D-Link DAP-2622 Telnet CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DA…
High
CVE-2023-44415
D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link D…
High
CVE-2023-44403
D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins…
High
CVE-2023-42128
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forens…
High
CVE-2023-42123
Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Pa…
High
CVE-2023-42122
Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel.…
High
CVE-2023-42120
Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web…
High
CVE-2023-41201
D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins…
High
CVE-2023-41200
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code…
High
CVE-2023-41199
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affe…
High
CVE-2023-41198
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affe…
High
CVE-2023-41197
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary co…
High
CVE-2023-41196
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on a…
High
CVE-2023-41195
D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins…
High
CVE-2023-41194
D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst…
High
CVE-2023-41193
D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected in…
High
CVE-2023-41192
D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst…
High
CVE-2023-41191
D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installati…
High
CVE-2023-41190
D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installa…
High
CVE-2023-41189
D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected install…
High
CVE-2023-41188
D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst…
Critical
CVE-2023-40505
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Sim…
Critical
CVE-2023-40504
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Edito…
High
CVE-2023-40480
NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RA…
High
CVE-2023-40479
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 rou…
High
CVE-2023-39471
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL…
High
CVE-2023-38120
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Al…
High
CVE-2023-35723
D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
High
CVE-2023-35722
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 rou…
High
CVE-2023-34281
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation…
High
CVE-2023-34280
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat…
High
CVE-2023-34279
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation…
High
CVE-2023-34278
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected install…
High
CVE-2023-34277
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected insta…
High
CVE-2023-34276
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst…
High
CVE-2023-34275
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
Medium
CVE-2023-32153
D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR…
Medium
CVE-2023-32151
D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link D…
Medium
CVE-2023-32150
D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR…
Medium
CVE-2023-32147
D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Lin…
High
CVE-2023-27367
NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX…
High
CVE-2023-27356
NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30…
2024-04-30
Medium
CVE-2024-22546
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via…
2024-04-29
Critical
CVE-2024-33566
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.
Medium
CVE-2024-3196
A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDate…
High
CVE-2024-3193
A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulatio…
Critical
CVE-2024-3191
A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to…
High
CVE-2024-4301
N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user i…
High
CVE-2024-4299
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers…
High
CVE-2024-4298
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with ad…
2024-04-27
Medium
CVE-2024-4255
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php.…
Medium
CVE-2023-1000
A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification…
2024-04-26
Critical
CVE-2024-33344
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
High
CVE-2024-33343
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
High
CVE-2024-33342
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
Critical
CVE-2024-32766
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have…
High
CVE-2024-27124
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have…
2024-04-24
High
CVE-2024-20356
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform comm…
High
CVE-2024-20295
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and…
2024-04-22
High
CVE-2023-38297
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerabl…
High
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') tha…
2024-04-19
High
CVE-2024-3646
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when confi…
2024-04-17
Low
CVE-2024-32314
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
High
CVE-2024-32292
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
High
CVE-2024-32283
Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter.
Medium
CVE-2024-32282
Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
High
CVE-2024-32281
Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter.
Critical
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execu…
Medium
CVE-2024-3908
A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac lead…
2024-04-16
Medium
CVE-2024-3880
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the…
Critical
CVE-2024-32027
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.
Critical
CVE-2024-32026
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.
Critical
CVE-2024-32025
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.
Critical
CVE-2024-32022
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5.
Critical
CVE-2024-3271
A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for th…
2024-04-15
High
CVE-2024-2659
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrati…
High
CVE-2023-4855
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.
Critical
CVE-2024-3781
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstre…