Total
2568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57229 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | |||||
| CVE-2025-45042 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
| Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | |||||
| CVE-2024-51186 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. | |||||
| CVE-2025-46735 | 2025-05-07 | N/A | N/A | ||
| Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue. | |||||
| CVE-2025-46816 | 2025-05-07 | N/A | 9.4 CRITICAL | ||
| goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not checks the option cli `-c`, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue. | |||||
| CVE-2025-26262 | 2025-05-07 | N/A | 6.5 MEDIUM | ||
| An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. | |||||
| CVE-2024-29435 | 1 Alldata | 1 Alldata | 2025-05-07 | N/A | 4.1 MEDIUM |
| An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. | |||||
| CVE-2025-28017 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | N/A | 6.5 MEDIUM |
| TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. | |||||
| CVE-2024-22061 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 9.8 CRITICAL |
| A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | |||||
| CVE-2023-49959 | 1 Indu-sol | 1 Profinet-inspektor Nt | 2025-05-05 | N/A | 9.8 CRITICAL |
| In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/start_update endpoint. | |||||
| CVE-2020-10826 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 10.0 HIGH | 9.8 CRITICAL |
| /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | |||||
| CVE-2023-26801 | 1 Lb-link | 8 Bl-ac1900, Bl-ac1900 Firmware, Bl-lte300 and 5 more | 2025-05-05 | N/A | 9.8 CRITICAL |
| LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. | |||||
| CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-05 | N/A | 9.8 CRITICAL |
| D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | |||||
| CVE-2025-4076 | 2025-05-02 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-37385 | 1 Roundcube | 1 Webmail | 2025-05-01 | N/A | 9.8 CRITICAL |
| Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. | |||||
| CVE-2023-0830 | 1 Easynas | 1 Easynas | 2025-05-01 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2025-28145 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | N/A | 6.5 MEDIUM |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. | |||||
| CVE-2025-28143 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | N/A | 6.5 MEDIUM |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. | |||||
| CVE-2025-28142 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | N/A | 6.5 MEDIUM |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. | |||||
| CVE-2022-42904 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-04-30 | N/A | 7.2 HIGH |
| Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | |||||