Total
4704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48624 | 1 Greenwoodsoftware | 1 Less | 2025-03-27 | N/A | 7.8 HIGH |
| close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | |||||
| CVE-2022-46552 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-03-27 | N/A | 8.8 HIGH |
| D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | |||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2025-03-27 | N/A | 7.4 HIGH |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | |||||
| CVE-2022-25906 | 1 Is-http2 Project | 1 Is-http2 | 2025-03-26 | N/A | 7.4 HIGH |
| All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. | |||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | N/A | 7.4 HIGH |
| All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2022-45768 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function. | |||||
| CVE-2024-57016 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. | |||||
| CVE-2022-46649 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2025-03-24 | N/A | 8.8 HIGH |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | |||||
| CVE-2024-57021 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-20 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. | |||||
| CVE-2024-57022 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-19 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. | |||||
| CVE-2024-57019 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-18 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. | |||||
| CVE-2024-57020 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-18 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. | |||||
| CVE-2024-53942 | 2025-03-18 | N/A | 4.8 MEDIUM | ||
| An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input. | |||||
| CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2025-03-18 | N/A | 9.8 CRITICAL |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
| CVE-2024-57014 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-18 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. | |||||
| CVE-2024-57015 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-18 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. | |||||
| CVE-2025-25220 | 2025-03-18 | N/A | 8.8 HIGH | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker. | |||||
| CVE-2025-24306 | 2025-03-18 | N/A | 7.2 HIGH | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege. | |||||
| CVE-2024-57011 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-17 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. | |||||