CVE-2023-27759

An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file...

CVE-2023-26777

Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the statuspage.js endpoint...

CVE-2023-37754

PowerJob v4.3.3 was discovered to contain a remote command execution RCE vulnerability via the instanceId parameter at /instance/detail...

CVE-2023-22279

MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command...

CVE-2023-23564

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands...

CVE-2023-50260

Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the hostdeny script allows to write any string in the hosts.deny file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active...

CVE-2023-23362

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build...

CVE-2023-30261

Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request...

CVE-2023-27761

An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter1464bitsetupfull14204.exe file...

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

CVE-2023-38198

acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...

CVE-2023-43510

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system...

CVE-2023-46419

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub415730 function...

CVE-2023-41746

Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager Windows before build 6.2.23089.203...

CVE-2023-33374

Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote...

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

CVE-2023-33676

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view=" which can be escalated to the remote command execution...