Total
3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3002 | 2026-06-17 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-37176 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 6.5 MEDIUM |
| A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism. | |||||
| CVE-2025-37163 | 1 Arubanetworks | 1 Airwave | 2026-06-17 | N/A | 7.2 HIGH |
| A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system. | |||||
| CVE-2025-37162 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | |||||
| CVE-2025-37146 | 2026-06-17 | N/A | 7.2 HIGH | ||
| A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | |||||
| CVE-2025-37138 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 6.2 MEDIUM |
| An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37134 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 7.2 HIGH |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37133 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 7.2 HIGH |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37102 | 2026-06-17 | N/A | 7.2 HIGH | ||
| An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privileged user. | |||||
| CVE-2025-37096 | 1 Hpe | 1 Storeonce System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
| CVE-2025-37092 | 1 Hpe | 1 Storeonce System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
| CVE-2025-37091 | 1 Hpe | 1 Storeonce System | 2026-06-17 | N/A | 7.2 HIGH |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
| CVE-2025-37089 | 1 Hpe | 1 Storeonce System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
| CVE-2025-34267 | 1 Flowiseai | 1 Flowise | 2026-06-17 | N/A | 9.9 CRITICAL |
| Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/Playwright can specify attacker-controlled browser binary paths and parameters. When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the host. This vulnerability was incorrectly assigned as a duplicate CVE-2025-26319 by the developers and should be considered distinct from that identifier. | |||||
| CVE-2025-33249 | 1 Nvidia | 1 Nemo | 2026-06-17 | N/A | 7.8 HIGH |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-33246 | 1 Nvidia | 1 Nemo | 2026-06-17 | N/A | 7.8 HIGH |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure. | |||||
| CVE-2025-33181 | 1 Nvidia | 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more | 2026-06-17 | N/A | 7.3 HIGH |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2025-33180 | 1 Nvidia | 5 Cumulus Linux, Dgx Gb200, Gb300 Nvl72 and 2 more | 2026-06-17 | N/A | 8.0 HIGH |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2025-32813 | 1 Infoblox | 1 Netmri | 2026-06-17 | N/A | 7.2 HIGH |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. | |||||
| CVE-2025-32702 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | |||||