Total
3358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26056 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands on the underlying system with the same privileges as the web application process. | |||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | |||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | |||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | |||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | |||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | |||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | |||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 4.4 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | |||||
| CVE-2025-25791 | 1 Yzncms | 1 Yzncms | 2026-06-17 | N/A | 4.4 MEDIUM |
| An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. | |||||
| CVE-2025-25768 | 1 Mrcms | 1 Mrcms | 2026-06-17 | N/A | 5.4 MEDIUM |
| MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | |||||
| CVE-2025-25766 | 1 Mrcms | 1 Mrcms | 2026-06-17 | N/A | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
| CVE-2025-25743 | 1 Dlink | 2 Dir-853, Dir-853 Firmware | 2026-06-17 | N/A | 7.2 HIGH |
| D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. | |||||
| CVE-2025-25692 | 1 Prestashop | 1 Prestashop | 2026-06-17 | N/A | 6.5 MEDIUM |
| A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2025-25691 | 1 Prestashop | 1 Prestashop | 2026-06-17 | N/A | 6.5 MEDIUM |
| A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2025-25675 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | |||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||||
| CVE-2025-25605 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. | |||||
| CVE-2025-25604 | 1 Totolink | 2 X5000r, X5000r Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. | |||||
| CVE-2025-25504 | 1 Niceforyou | 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges. | |||||
| CVE-2025-25364 | 1 Connectify | 1 Speedify | 2026-06-17 | N/A | 8.4 HIGH |
| A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges. | |||||