Total
3060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2730 | 2025-04-11 | 7.7 HIGH | 8.0 HIGH | ||
|
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-2729 | 2025-04-11 | 7.7 HIGH | 8.0 HIGH | ||
|
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-2728 | 2025-04-11 | 7.7 HIGH | 8.0 HIGH | ||
|
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-2727 | 2025-04-11 | 7.7 HIGH | 8.0 HIGH | ||
|
A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-2726 | 2025-04-11 | 7.7 HIGH | 8.0 HIGH | ||
|
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-2725 | 2025-04-11 | 7.7 HIGH | 8.0 HIGH | ||
|
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2022-44621 | 1 Apache | 1 Kylin | 2025-04-11 | N/A | 9.8 CRITICAL |
|
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
|
|||||
| CVE-2010-2008 | 3 Canonical, Fedoraproject, Oracle | 3 Ubuntu Linux, Fedora, Mysql | 2025-04-11 | 3.5 LOW | N/A |
|
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
|
|||||
| CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.1 MEDIUM | N/A |
|
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790.
|
|||||
| CVE-2010-0136 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2025-04-11 | 9.3 HIGH | N/A |
|
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
|
|||||
| CVE-2023-24467 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Command Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0000.
|
|||||
| CVE-2021-38117 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Command injection Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
|
|||||
| CVE-2021-38116 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Elevation of Privilege Vulnerability
in iManager has been discovered in
OpenText™ iManager. This impacts all versions before 3.2.5
|
|||||
| CVE-2022-39084 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39083 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39082 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39081 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-32665 | 1 Mediatek | 3 En7528, En7580, Linkit Software Development Kit | 2025-04-10 | N/A | 9.8 CRITICAL |
|
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
|
|||||
| CVE-2022-32664 | 1 Mediatek | 7 En7516, En7528, En7529 and 4 more | 2025-04-10 | N/A | 8.8 HIGH |
|
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
|
|||||
| CVE-2024-51304 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
|
|||||
| CVE-2024-51257 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
|
|||||
| CVE-2024-51296 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
|
|||||
| CVE-2024-51299 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
|
|||||
| CVE-2024-51300 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
|
|||||
| CVE-2024-51301 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
|
|||||
| CVE-2024-51258 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
|
|||||
| CVE-2024-51254 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
|
|||||
| CVE-2024-51259 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
|
|||||
| CVE-2024-51255 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
|
|||||
| CVE-2024-51260 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
|
|||||
| CVE-2022-39088 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39087 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39086 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2022-39085 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
|
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
|
|||||
| CVE-2024-48153 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
|
|||||
| CVE-2024-30891 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.
|
|||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.
|
|||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
|
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
|
|||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.
|
|||||
| CVE-2025-22912 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
|
|||||