CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Enphase IQ Gateway formerly known as Envoy allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currentl...

9.8CVSS5.7AI score0.01433EPSS

Exploits0References3

OSV•added 2024/08/12 1:38 p.m.•4 views

CVE-2024-21879

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Envoy allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and 8.2.4225...

8.8CVSS5.8AI score0.02475EPSS

Exploits0References3

OSV•added 2024/08/12 1:38 p.m.•4 views

CVE-2024-21880

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Enphase allows OS Command Injection.This issue affects Envoy: 4.x = 7.x...

7.2CVSS5.8AI score0.02334EPSS

Exploits0References3

NVD•added 2024/08/12 1:38 p.m.•16 views

CVE-2024-21879

8.8CVSS0.02475EPSS

Exploits0References3

NVD•added 2024/08/12 1:38 p.m.•12 views

CVE-2024-21878

9.8CVSS0.01433EPSS

Exploits0References3

NVD•added 2024/08/12 1:38 p.m.•17 views

CVE-2024-21880

8.6CVSS0.02334EPSS

Exploits0References3

NVD•added 2024/08/12 1:38 p.m.•24 views

CVE-2024-21876

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability via a URL parameter in Enphase IQ Gateway formerly known as Envoy allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and 8.2.4225...

9.3CVSS0.00796EPSS

Exploits0References3

NVD•added 2024/08/12 1:38 p.m.•23 views

CVE-2024-21877

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability through a url parameter in Enphase IQ Gateway formerly known as Envoy allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and 8.2.4225...

9.2CVSS0.00779EPSS

Exploits0References3

OSV•added 2024/08/12 1:38 p.m.•6 views

CVE-2024-21876

9.1CVSS5.8AI score0.00796EPSS

Exploits0References3

Vulnrichment•added 2024/08/10 5:44 p.m.•31 views

CVE-2024-21876 Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225

9.3CVSS6.8AI score0.00796EPSS

Exploits0References3

Cvelist•added 2024/08/10 5:44 p.m.•36 views

CVE-2024-21876 Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225

9.3CVSS0.00796EPSS

Exploits0References3

CVE•added 2024/08/10 5:44 p.m.•61 views

CVE-2024-21876

CVE-2024-21876 affects Enphase IQ Gateway (formerly Envoy). A path traversal vulnerability allows an unauthenticated attacker to access or create arbitrary files via a URL parameter. Affects Envoy versions 4.x–8.x and

9.3CVSS6.4AI score0.00796EPSS

Exploits0References3Affected Software1

Cvelist•added 2024/08/10 5:44 p.m.•18 views

CVE-2024-21879 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225

8.7CVSS0.02475EPSS

Exploits0References3

Vulnrichment•added 2024/08/10 5:44 p.m.•25 views

CVE-2024-21879 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225

8.7CVSS6.7AI score0.02475EPSS

Exploits0References3

Vulnrichment•added 2024/08/10 5:44 p.m.•26 views

CVE-2024-21877 Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225

9.2CVSS6.8AI score0.00779EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by