CVE-2023-37679
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting
CVSS
9.8
Crítico
EPSS
96.1%
p100
KEV
—
Exploit Today
30
0-100
Publicado: 3 ago 2023 · Última mod.: 9 jul 2026 · CWE-77
96.1%EPSS · 30 días97.1%
2026-06-302026-07-16
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
- packetstormsecurity.comhttp://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html
- www.ihteam.nethttps://www.ihteam.net/advisory/mirth-connect
- packetstormsecurity.comhttp://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html
- www.ihteam.nethttps://www.ihteam.net/advisory/mirth-connect
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2026-80379.6 CRÍ98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints3dCVE-2022-457018.8 ALT98.5%
——30Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.8dCVE-2023-337828.8 ALT98.3%
——30D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.8dCVE-2023-335329.8 CRÍ96.6%
——29There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.8d