Total
5002 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64120 | 2026-01-08 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. | |||||
| CVE-2025-64124 | 2026-01-08 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. | |||||
| CVE-2025-15471 | 2026-01-08 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-36910 | 2026-01-08 | N/A | 8.8 HIGH | ||
| Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root. | |||||
| CVE-2025-6225 | 2026-01-08 | N/A | N/A | ||
| Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02 | |||||
| CVE-2019-25289 | 2026-01-08 | N/A | 8.8 HIGH | ||
| SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials. | |||||
| CVE-2025-61304 | 1 Dynatrace | 1 Activegate Ping Extension | 2026-01-08 | N/A | 9.8 CRITICAL |
| OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address. | |||||
| CVE-2025-13306 | 1 Dlink | 8 Dir-822k, Dir-822k Firmware, Dir-825m and 5 more | 2026-01-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-66209 | 1 Coollabs | 1 Coolify | 2026-01-07 | N/A | 9.9 CRITICAL |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Database names used in backup operations are passed directly to shell commands without sanitization, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue. | |||||
| CVE-2025-56117 | 1 Ruijie | 4 Rg-est310, Rg-est310 Firmware, X30 Pro and 1 more | 2026-01-07 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | |||||
| CVE-2025-56114 | 1 Ruijie | 4 M18-ew, M18-ew Firmware, Rg-ew1300g and 1 more | 2026-01-07 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | |||||
| CVE-2025-56111 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2026-01-07 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua. | |||||
| CVE-2025-66398 | 1 Signalk | 1 Signal K Server | 2026-01-06 | N/A | 9.6 CRITICAL |
| Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files (e.g., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability. | |||||
| CVE-2025-68700 | 1 Infiniflow | 1 Ragflow | 2026-01-06 | N/A | 8.8 HIGH |
| RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox isolation. This occurs because untrusted data (stdout) is parsed using eval() with no filtering or sandboxing. The intended design was to "automatically convert string results into Python objects," but this effectively executes attacker-controlled code. Additional endpoints lack access control or contain inverted permission logic, significantly expanding the attack surface and enabling chained exploitation. Version 0.23.0 contains a patch for the issue. | |||||
| CVE-2025-66213 | 1 Coollabs | 1 Coolify | 2026-01-06 | N/A | 8.8 HIGH |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The file_storage_directory_source parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. Version 4.0.0-beta.451 fixes the issue. | |||||
| CVE-2025-66212 | 1 Coollabs | 1 Coolify | 2026-01-06 | N/A | 8.8 HIGH |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Proxy configuration filenames are passed to shell commands without proper escaping, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue. | |||||
| CVE-2025-66211 | 1 Coollabs | 1 Coolify | 2026-01-06 | N/A | 8.8 HIGH |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. PostgreSQL initialization script filenames are passed to shell commands without proper validation, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue. | |||||
| CVE-2025-66210 | 1 Coollabs | 1 Coolify | 2026-01-06 | N/A | 8.8 HIGH |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Database names used in import operations are passed directly to shell commands without sanitization, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue. | |||||
| CVE-2025-65882 | 1 Openmptcprouter | 1 Openmptcprouter | 2026-01-02 | N/A | 9.8 CRITICAL |
| An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands. | |||||
| CVE-2025-15254 | 1 Tenda | 2 W6-s, W6-s Firmware | 2026-01-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||