Total
3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45987 | 1 B-link | 14 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 11 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function. | |||||
| CVE-2025-45986 | 1 B-link | 16 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 13 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 werediscovered to contain a command injection vulnerability via the mac parameter in the bs_SetMacBlack function. | |||||
| CVE-2025-45985 | 1 B-link | 16 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 13 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function. | |||||
| CVE-2025-45984 | 1 B-link | 18 Bl-ac1900, Bl-ac1900 Firmware, Bl-ac2100 Az3 and 15 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via the routepwd parameter in the sub_45B238 function. | |||||
| CVE-2025-45931 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | |||||
| CVE-2025-45800 | 1 Totolink | 2 A950rg, A950rg Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. | |||||
| CVE-2025-45798 | 1 Totolink | 2 A950rg, A950rg Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter. | |||||
| CVE-2025-45619 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function | |||||
| CVE-2025-45512 | 1 Denx | 1 U-boot | 2026-06-17 | N/A | 6.5 MEDIUM |
| A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. | |||||
| CVE-2025-45493 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function. | |||||
| CVE-2025-45492 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. | |||||
| CVE-2025-45491 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. | |||||
| CVE-2025-45490 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. | |||||
| CVE-2025-45489 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. | |||||
| CVE-2025-45488 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. | |||||
| CVE-2025-45487 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. | |||||
| CVE-2025-45326 | 1 Magdesign | 2 Pocketvj Control Panel, Pocketvj Control Panel Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component. | |||||
| CVE-2025-45317 | 1 Hortusfox | 1 Hortusfox | 2026-06-17 | N/A | 6.5 MEDIUM |
| A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. | |||||
| CVE-2025-45042 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | |||||
| CVE-2025-45011 | 1 Phpgurukul | 1 Park Ticketing Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter. | |||||