Total
2766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64991 | 1 Teamviewer | 1 Digital Employee Experience | 2026-01-09 | N/A | 6.8 MEDIUM |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | |||||
| CVE-2025-64992 | 1 Teamviewer | 1 Digital Employee Experience | 2026-01-09 | N/A | 6.8 MEDIUM |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | |||||
| CVE-2025-64993 | 1 Teamviewer | 1 Digital Employee Experience | 2026-01-09 | N/A | 6.8 MEDIUM |
| A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform. | |||||
| CVE-2025-15471 | 2026-01-08 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13306 | 1 Dlink | 8 Dir-822k, Dir-822k Firmware, Dir-825m and 5 more | 2026-01-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-13442 | 1 Utt | 2 750w, 750w Firmware | 2026-01-08 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15132 | 1 Zspace | 2 Z4pro\+, Z4pro\+ Firmware | 2026-01-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-15131 | 1 Zspace | 2 Z4pro\+, Z4pro\+ Firmware | 2026-01-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-15133 | 1 Zspace | 2 Z4pro\+, Z4pro\+ Firmware | 2026-01-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-14884 | 1 Dlink | 2 Dir-605, Dir-605 Firmware | 2026-01-07 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-15136 | 1 Trendnet | 2 Tew-800mb, Tew-800mb Firmware | 2026-01-07 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15137 | 1 Trendnet | 2 Tew-800mb, Tew-800mb Firmware | 2026-01-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15139 | 1 Trendnet | 2 Tew-822dre, Tew-822dre Firmware | 2026-01-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-29228 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-01-06 | N/A | 9.8 CRITICAL |
| Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter. | |||||
| CVE-2025-29229 | 1 Linksys | 2 E5600, E5600 Firmware | 2026-01-06 | N/A | 9.8 CRITICAL |
| linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. | |||||
| CVE-2025-25364 | 1 Connectify | 1 Speedify | 2026-01-06 | N/A | 8.4 HIGH |
| A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges. | |||||
| CVE-2025-57200 | 1 Avtech | 2 Dgm1104, Dgm1104 Firmware | 2026-01-05 | N/A | 6.5 MEDIUM |
| AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | |||||
| CVE-2025-45493 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2026-01-05 | N/A | 6.5 MEDIUM |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function. | |||||
| CVE-2024-46060 | 2 Anaconda, Apple | 2 Anaconda3, Macos | 2026-01-05 | N/A | 7.8 HIGH |
| Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | |||||
| CVE-2024-46062 | 2 Apple, Conda | 2 Macos, Miniconda3 | 2026-01-05 | N/A | 7.8 HIGH |
| Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | |||||