A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect f…

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Iv…

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance …

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command …

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI scrip…

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in…

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an act…

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) b…

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B…

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with…

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7…

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remot…

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .…

The Meteobridge web interface let meteobridge administrator manage their weather station data c…

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unau…

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.ac…

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Suppo…

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary …

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0…

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the log…

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV…

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly valid…

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 de…

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a comm…

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code executio…

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized att…

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, …

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Sho…

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, an…

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remot…

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the mana…

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the ex…

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated …

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100…

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail a…