Total
2168 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-22473 | | | 2025-03-17 | N/A | 7.8 HIGH |
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
CVE-2025-22472 | | | 2025-03-17 | N/A | 7.8 HIGH |
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges. | |||||
CVE-2024-48017 | | | 2025-03-17 | N/A | 6.5 MEDIUM |
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | |||||
CVE-2024-48015 | | | 2025-03-17 | N/A | 6.7 MEDIUM |
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | |||||
CVE-2024-48830 | | | 2025-03-17 | N/A | 7.8 HIGH |
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | |||||
CVE-2024-3116 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-03-17 | N/A | 7.4 HIGH |
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. | |||||
CVE-2024-32292 | 1 Tenda | 2 W30e, W30e Firmware | 2025-03-17 | N/A | 8.8 HIGH |
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | |||||
CVE-2023-52624 | 1 Linux | 1 Linux Kernel | 2025-03-17 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake, execute, sleep sequence. If the GPINT executes successfully then DMCUB will be put back into sleep after the optional response is returned. It functions similar to the inbox command interface. | |||||
CVE-2024-32283 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-03-17 | N/A | 7.3 HIGH |
Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | |||||
CVE-2024-32314 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-03-17 | N/A | 3.8 LOW |
Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | |||||
CVE-2024-32281 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | N/A | 8.8 HIGH |
Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | |||||
CVE-2025-25675 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | |||||
CVE-2024-12992 | | | 2025-03-17 | N/A | N/A |
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6. | |||||
CVE-2024-12971 | | | 2025-03-17 | N/A | N/A |
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection. This issue affects Pandora FMS from 700 to 777.6. | |||||
CVE-2025-2367 | | | 2025-03-17 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-55956 | 1 Cleo | 3 Harmony, Lexicom, Vltrader | 2025-03-14 | N/A | 9.8 CRITICAL |
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | |||||
CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2025-03-14 | N/A | 9.8 CRITICAL |
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | |||||
CVE-2023-24184 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-14 | N/A | 9.8 CRITICAL |
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | |||||
CVE-2010-5330 | 1 Ui | 1 Airos | 2025-03-14 | 5.0 MEDIUM | 9.8 CRITICAL |
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. | |||||
CVE-2023-33300 | | | 2025-03-14 | N/A | 5.3 MEDIUM |
An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows an attacker limited, unauthorized file access via a specifically crafted request in the inter-server communication port. |