Total
3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29083 | 1 Cszcms | 1 Csz Cms | 2026-06-17 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. | |||||
| CVE-2025-29063 | 1 Lb-link | 2 Bl-ac2100, Bl-ac2100 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly. | |||||
| CVE-2025-29062 | 1 Lb-link | 2 Bl-ac2100, Bl-ac2100 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. | |||||
| CVE-2025-28145 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. | |||||
| CVE-2025-28143 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. | |||||
| CVE-2025-28142 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. | |||||
| CVE-2025-28017 | 1 Totolink | 2 A800r, A800r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. | |||||
| CVE-2025-27954 | 1 Philips | 1 Clinical Collaboration Platform | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. | |||||
| CVE-2025-27953 | 1 Philips | 1 Clinical Collaboration Platform | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. | |||||
| CVE-2025-27423 | 2 Netapp, Vim | 2 Hci Compute Node, Vim | 2026-06-17 | N/A | 7.1 HIGH |
| Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164 | |||||
| CVE-2025-27233 | 2026-06-17 | N/A | N/A | ||
| Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system. | |||||
| CVE-2025-27212 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later | |||||
| CVE-2025-27211 | 2026-06-17 | N/A | 7.5 HIGH | ||
| An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. | |||||
| CVE-2025-27146 | 1 Matrix | 1 Matrix Irc Bridge | 2026-06-17 | N/A | 2.7 LOW |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4. | |||||
| CVE-2025-27083 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-26627 | 1 Microsoft | 1 Azure Arc | 2026-06-17 | N/A | 7.0 HIGH |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-26385 | 2026-06-17 | N/A | N/A | ||
| Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation, * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation, * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1, * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior, * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior. | |||||
| CVE-2025-26331 | 1 Dell | 12 Latitude 3420, Latitude 3440, Latitude 5440 and 9 more | 2026-06-17 | N/A | 7.8 HIGH |
| Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | |||||
| CVE-2025-26262 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. | |||||
| CVE-2025-26063 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network. | |||||