Total
2267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44842 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44841 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44840 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44839 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44838 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | N/A | 6.3 MEDIUM |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44837 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | N/A | 6.3 MEDIUM |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44836 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | N/A | 6.3 MEDIUM |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-20258 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users. | |||||
| CVE-2025-5030 | 2025-05-21 | 5.1 MEDIUM | 5.0 MEDIUM | ||
| A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-52022 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 8.0 HIGH |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2025-44848 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44860 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44861 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.3 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44862 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.3 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44863 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-21117 | 1 Oracle | 1 Outside In Technology | 2025-05-21 | N/A | 5.3 MEDIUM |
| Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2025-2717 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-05-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1800 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2025-05-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-33112 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-05-21 | N/A | 7.5 HIGH |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | |||||
| CVE-2024-33113 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-05-21 | N/A | 5.3 MEDIUM |
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | |||||