Total: 5719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64140 | 1 Jenkins | 1 Azure Cli | 2025-12-22 | N/A | 8.8 HIGH |
| Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands. | |||||
| CVE-2018-7046 | 1 Kentico | 1 Xperience | 2025-12-19 | 9.0 HIGH | 7.2 HIGH |
| Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. | |||||
| CVE-2024-12847 | 1 Netgear | 2 Dgn1000, Dgn1000 Firmware | 2025-12-19 | N/A | 9.8 CRITICAL |
| NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC. | |||||
| CVE-2025-66626 | 1 Argoproj | 1 Argo Workflows | 2025-12-19 | N/A | 8.1 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4 contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5. | |||||
| CVE-2025-67172 | 1 Ritecms | 1 Ritecms | 2025-12-18 | N/A | 7.2 HIGH |
| RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function. | |||||
| CVE-2025-68109 | 1 Churchcrm | 1 Churchcrm | 2025-12-18 | N/A | 9.1 CRITICAL |
| ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue. | |||||
| CVE-2025-56124 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 Pro and 1 more | 2025-12-18 | N/A | 7.8 HIGH |
| OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | |||||
| CVE-2025-56127 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-18 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua. | |||||
| CVE-2025-67640 | 1 Jenkins | 1 Git Client | 2025-12-17 | N/A | 5.0 MEDIUM |
| Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands. | |||||
| CVE-2025-66576 | 1 Remotecontrolio | 1 Remote Keyboard Desktop | 2025-12-17 | N/A | 9.8 CRITICAL |
| Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution. | |||||
| CVE-2025-29269 | 1 Allnet | 2 All-rut22gw, All-rut22gw Firmware | 2025-12-16 | N/A | 9.8 CRITICAL |
| ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint. | |||||
| CVE-2025-56129 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2025-12-15 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua. | |||||
| CVE-2025-36354 | 1 Ibm | 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more | 2025-12-15 | N/A | 7.3 HIGH |
| IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input. | |||||
| CVE-2025-13481 | 2 Ibm, Linux | 2 Aspera Orchestrator, Linux Kernel | 2025-12-15 | N/A | 8.8 HIGH |
| IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input. | |||||
| CVE-2024-58294 | 1 Sangoma | 1 Freepbx | 2025-12-15 | N/A | 8.8 HIGH |
| FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access. | |||||
| CVE-2025-8693 | 1 Zyxel | 108 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 105 more | 2025-12-15 | N/A | 8.8 HIGH |
| A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device. | |||||
| CVE-2025-34334 | 1 Audiocodes | 2 Fax Server, Interactive Voice Response | 2025-12-11 | N/A | 8.8 HIGH |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation. | |||||
| CVE-2025-34335 | 1 Audiocodes | 2 Fax Server, Interactive Voice Response | 2025-12-11 | N/A | 8.8 HIGH |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\SYSTEM. | |||||
| CVE-2025-63932 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2025-12-11 | N/A | 7.3 HIGH |
| D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. An unauthenticated remote attacker can execute shell commands. | |||||
| CVE-2023-47218 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-10 | N/A | 5.8 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | |||||
