Total
3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45010 | 1 Phpgurukul | 1 Park Ticketing Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters. | |||||
| CVE-2025-45009 | 1 Phpgurukul | 1 Park Ticketing Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter. | |||||
| CVE-2025-44877 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44872 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44868 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44867 | 1 Tenda | 2 W20e, W20e Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44866 | 1 Tenda | 2 W20e, W20e Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44865 | 1 Tenda | 2 W20e, W20e Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44864 | 1 Tenda | 2 W20e, W20e Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44863 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44862 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44861 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44860 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44854 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44848 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44847 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44846 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44845 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44844 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44843 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||