** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in…

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Iv…

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI scrip…

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) b…

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect f…

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance …

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with…

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can exe…

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queri…

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7…

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.…

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method…

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the htm…

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command …

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-ser…

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Suppo…

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.…

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allo…

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_…

Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerabi…

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.ac…

An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary…

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra para…

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 al…

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command …

Cacti provides an operational monitoring and fault management framework. A command injection vu…

An OS command injection vulnerability has been reported to affect several QNAP operating system…

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers t…

The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remot…

Commands can be injected over the network and executed without authentication.

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .…

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php she…

Arbitrary commands execution on the server by exploiting a command injection vulnerability in t…

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Prog…

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the log…

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl pa…

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauth…

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate…

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a comm…

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary …