Total
2411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2025-04-01 | N/A | 7.4 HIGH |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |||||
| CVE-2024-22546 | 1 Trendnet | 2 Tew-815dap, Tew-815dap Firmware | 2025-04-01 | N/A | 6.4 MEDIUM |
| TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. | |||||
| CVE-2023-51835 | 1 Trendnet | 2 Tew-822dre, Tew-822dre Firmware | 2025-04-01 | N/A | 6.8 MEDIUM |
| An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. | |||||
| CVE-2024-42636 | 1 Dedecms | 1 Dedecms | 2025-03-31 | N/A | 7.2 HIGH |
| DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. | |||||
| CVE-2023-22884 | 1 Apache | 2 Airflow, Apache-airflow-providers-mysql | 2025-03-31 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | |||||
| CVE-2025-25766 | 1 Mrcms | 1 Mrcms | 2025-03-28 | N/A | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
| CVE-2024-12251 | 1 Telerik | 1 Ui For Winui | 2025-03-28 | N/A | 7.8 HIGH |
| In ProgressĀ® TelerikĀ® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2025-2916 | 2025-03-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-44916 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 7.2 HIGH |
| Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. | |||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 4.4 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | |||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | |||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | |||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | |||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | |||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | |||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | |||||
| CVE-2024-55461 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
| SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). | |||||
| CVE-2023-24612 | 1 Pdfbook Project | 1 Pdfbook | 2025-03-28 | N/A | 9.8 CRITICAL |
| The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | |||||
| CVE-2024-28041 | 2025-03-28 | N/A | 8.8 HIGH | ||
| HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. | |||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2025-03-27 | N/A | 7.4 HIGH |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||