Total
2568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44860 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44861 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.3 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44862 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.3 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44863 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-21117 | 1 Oracle | 1 Outside In Technology | 2025-05-21 | N/A | 5.3 MEDIUM |
| Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2025-2717 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-05-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1800 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2025-05-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-33112 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-05-21 | N/A | 7.5 HIGH |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | |||||
| CVE-2024-33113 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-05-21 | N/A | 5.3 MEDIUM |
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | |||||
| CVE-2024-33344 | 1 Dlink | 2 Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33342 | 1 Dlink | 2 Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | N/A | 7.5 HIGH |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2022-41870 | 1 Innovaphone | 1 Innovaphone Firmware | 2025-05-20 | N/A | 7.2 HIGH |
| AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | |||||
| CVE-2025-32702 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-05-19 | N/A | 7.8 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-45798 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-05-19 | N/A | 9.8 CRITICAL |
| A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter. | |||||
| CVE-2025-4747 | 2025-05-16 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-42160 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2025-05-16 | N/A | 8.8 HIGH |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | |||||
| CVE-2024-23749 | 1 9bis | 1 Kitty | 2025-05-15 | N/A | 7.8 HIGH |
| KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | |||||
| CVE-2024-22107 | 1 Gttb | 1 Gtb Central Console | 2025-05-15 | N/A | 7.2 HIGH |
| An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform. | |||||
| CVE-2023-40263 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2025-05-15 | N/A | 8.8 HIGH |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp. | |||||
| CVE-2022-42897 | 1 Arraynetworks | 15 Ag1000, Ag1000t, Ag1000v5 and 12 more | 2025-05-15 | N/A | 9.8 CRITICAL |
| Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | |||||