High
CVSS: 7.3
A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch t…
Medium
CVSS: 5.1
A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from r…
Medium
CVSS: 5.1
A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be…
Medium
CVSS: 5.1
A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os com…
Medium
CVSS: 5.1
A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotel…
Critical
CVSS: 10.0
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
Critical
CVSS: 9.2
# Active Storage allowed transformation methods potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image
transformation methods and parameters by default.
The default allowed list contains three metho…
High
CVSS: 7.2
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.
Critical
CVSS: 9.5
Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issu…
Low
CVSS: 2.9
Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command strings. Prior to version 0.1.6, filename…
Medium
CVSS: 6.6
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI image…
Medium
CVSS: 5.3
A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible t…
High
CVSS: 7.7
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through th…
Critical
CVSS: 9.4
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint (`/projects/:project_id/repository/diff.…
High
CVSS: 7.3
A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack…
High
CVSS: 7.3
A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely.…
High
CVSS: 7.3
A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os comm…
High
CVSS: 8.5
Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser dev…
Critical
CVSS: 9.9
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum.
This issue affects Apache Continuum: all versions.
Attackers with access to the install…
High
CVSS: 7.7
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions
7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScrip…