Medium
CVSS: 6.5
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a craft…
Medium
CVSS: 6.5
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Medium
CVSS: 6.5
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a c…
Medium
CVSS: 6.5
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a craft…
Medium
CVSS: 6.5
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a c…
Medium
CVSS: 6.3
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafte…
Medium
CVSS: 6.3
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary com…
Medium
CVSS: 6.3
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via…
Medium
CVSS: 6.3
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Medium
CVSS: 6.3
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.
Medium
CVSS: 5.1
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox <…
Low
CVSS: 2.3
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtual_environments/te…
Critical
CVSS: 9.2
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting…
Medium
CVSS: 6.5
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.
Medium
CVSS: 6.5
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
High
CVSS: 7.3
Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier (such as for sorting), which will get executed on the server side.
High
CVSS: 7.3
A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.
Medium
CVSS: 5.1
A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. T…
Critical
CVSS: 9.8
TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.
Medium
CVSS: 6.3
74cms