Total: 2966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||||
| CVE-2025-22912 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | |||||
| CVE-2025-22949 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | |||||
| CVE-2024-32282 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 6.3 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. | |||||
| CVE-2024-34204 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||||
| CVE-2024-34206 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 6.5 MEDIUM |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||
| CVE-2024-35340 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | N/A | 8.6 HIGH |
| Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. | |||||
| CVE-2024-22544 | 1 Linksys | 2 E1700, E1700 Firmware | 2025-04-08 | N/A | 8.0 HIGH |
| An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3) that allows authenticated attackers to execute arbitrary code via the setDateTime function. | |||||
| CVE-2023-36805 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-08 | N/A | 7.0 HIGH |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-22671 | 1 Nsa | 1 Ghidra | 2025-04-07 | N/A | 9.8 CRITICAL |
| Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | |||||
| CVE-2025-25791 | 1 Yzncms | 1 Yzncms | 2025-04-07 | N/A | 4.4 MEDIUM |
| An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. | |||||
| CVE-2024-51772 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | N/A | 6.4 MEDIUM |
| An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | |||||
| CVE-2024-53672 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | N/A | 4.7 MEDIUM |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | |||||
| CVE-2024-51771 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | N/A | 7.2 HIGH |
| A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. | |||||
| CVE-2024-10697 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-36783 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. | |||||
| CVE-2024-30572 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | N/A | 8.0 HIGH |
| Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. | |||||
| CVE-2025-25604 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | N/A | 6.5 MEDIUM |
| Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. | |||||
