Total: 3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29887 | 1 Qnap | 1 Qurouter | 2026-06-17 | N/A | 7.2 HIGH |
| A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later. | |||||
| CVE-2025-29743 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. | |||||
| CVE-2025-29635 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2026-06-17 | N/A | 7.2 HIGH |
| A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution. | |||||
| CVE-2025-29628 | | | 2026-06-17 | N/A | 9.4 CRITICAL |
| A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026, leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits. | |||||
| CVE-2025-29523 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 7.2 HIGH |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. | |||||
| CVE-2025-29522 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. | |||||
| CVE-2025-29519 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | |||||
| CVE-2025-29517 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | |||||
| CVE-2025-29516 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 7.2 HIGH |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | |||||
| CVE-2025-29509 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal(). | |||||
| CVE-2025-29230 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 8.6 HIGH |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter. | |||||
| CVE-2025-29229 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. | |||||
| CVE-2025-29228 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter. | |||||
| CVE-2025-29227 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. | |||||
| CVE-2025-29226 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. | |||||
| CVE-2025-29223 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. | |||||
| CVE-2025-29209 | 1 Totolink | 2 X18, X18 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter of the sub_41105C function of cstecgi.cgi. | |||||
| CVE-2025-29157 | 1 Smartbear | 1 Swagger Petstore | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart; the server returns a 404 error page exposing sensitive information including the Servlet name (default) and server version. | |||||
| CVE-2025-29155 | 1 Smartbear | 1 Swagger Petstore | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint. | |||||
| CVE-2025-29154 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/, .galera.app/escolaridade/listagem/, .galera.app/estados_civis/cadastro/, .galera.app/nivel_hierarquico/listagem/, .galera.app/nivel_decisorio/cadastro/, .galera.app/escolaridade/cadastro/, .galera.app/nivel_decisorio/listagem/, .galera.app/rh/cadastros/perspectivas/listagem/, .galera.app/empresas_grupo/cadastro/, .galera.app/empresas/edicao/, .galera.app/liais/listagem/, .galera.app/noticias/listagem/, .galera.app/gerenciamento-de-ciclo/abertura/cadastrar, .galera.app/colaborador/cadastro/cursos/adc/edicao/, .galera.app/colaborador/cadastro/adc/, .galera.app/cads_aux/escalact/, .galera.app/ncf/tec/cadastro/ct/, .galera.app/rh/metas/painel/, .galera.app/rh/metas/equipe/edicao/, .galera.app/rh/pdi/tipo_recursos/edicao/, .galera.app/rh/pdi/familia_recursos/cadastro/, .galera.app/rh/pdi/fornecedores/edicao/, and .galera.app/rh/pdi/recursos/cadastro/ components. | |||||
