Total
2654 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14108 | 1 Zspace | 2 Q2c Nas, Q2c Nas Firmware | 2025-12-12 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-65363 | 1 Ruijie | 2 Rg-ap720-l, Rg-ap720-l Firmware | 2025-12-12 | N/A | 7.2 HIGH |
| Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint. | |||||
| CVE-2025-13797 | 1 Adslr | 2 B-qe2w401, B-qe2w401 Firmware | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swifimac results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13798 | 1 Adslr | 2 B-qe2w401, B-qe2w401 Firmware | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13799 | 1 Adslr | 2 B-qe2w401, B-qe2w401 Firmware | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13800 | 1 Adslr | 2 B-qe2w401, B-qe2w401 Firmware | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-59286 | 1 Microsoft | 1 365 Copilot Chat | 2025-12-11 | N/A | 9.3 CRITICAL |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-59272 | 1 Microsoft | 1 365 Copilot Chat | 2025-12-11 | N/A | 9.3 CRITICAL |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. | |||||
| CVE-2025-59252 | 1 Microsoft | 1 365 Word Copilot | 2025-12-11 | N/A | 9.3 CRITICAL |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2024-6257 | 1 Hashicorp | 1 Go-getter | 2025-12-11 | N/A | 8.4 HIGH |
| HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. | |||||
| CVE-2025-14093 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-12-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14094 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-12-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-56836 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | N/A | 7.5 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system. | |||||
| CVE-2024-56837 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | N/A | 7.2 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system. | |||||
| CVE-2025-14225 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-14092 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-12-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-47218 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 5.8 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2025-64052 | 1 Tenda | 2 X210, X210 Firmware | 2025-12-10 | N/A | 5.1 MEDIUM |
| An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands. | |||||
| CVE-2024-32766 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 10.0 CRITICAL |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2025-40937 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-10 | N/A | 8.3 HIGH |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges. | |||||