Total: 3060 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-55030 | 1 Nasa | 1 Fprime | 2025-04-03 | N/A | 9.8 CRITICAL |
|
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands.
|
|||||
| CVE-2024-25850 | 1 Netis-systems | 2 Wf2780, Wf2780 Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
|
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter.
|
|||||
| CVE-1999-0039 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | 7.3 HIGH |
|
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
|
|||||
| CVE-2005-2793 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
|
|||||
| CVE-2025-29226 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 6.3 MEDIUM |
|
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.
|
|||||
| CVE-2025-29227 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 6.3 MEDIUM |
|
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.
|
|||||
| CVE-2025-29230 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 8.6 HIGH |
|
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.
|
|||||
| CVE-2025-2983 | | | 2025-04-01 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-3008 | | | 2025-04-01 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-3002 | | | 2025-04-01 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2025-29223 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 6.3 MEDIUM |
|
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function.
|
|||||
| CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2025-04-01 | N/A | 7.4 HIGH |
|
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
|
|||||
| CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2025-04-01 | N/A | 7.4 HIGH |
|
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.
|
|||||
| CVE-2024-28353 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | N/A | 8.8 HIGH |
|
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.
|
|||||
| CVE-2024-28354 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | N/A | 10.0 CRITICAL |
|
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.
|
|||||
| CVE-2024-1781 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-04-01 | 5.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-25962 | 1 Vagrant.js Project | 1 Vagrant.js | 2025-04-01 | N/A | 7.4 HIGH |
|
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.
|
|||||
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2025-04-01 | N/A | 7.4 HIGH |
|
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
|
|||||
| CVE-2024-22546 | 1 Trendnet | 2 Tew-815dap, Tew-815dap Firmware | 2025-04-01 | N/A | 6.4 MEDIUM |
|
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.
|
|||||
| CVE-2023-51835 | 1 Trendnet | 2 Tew-822dre, Tew-822dre Firmware | 2025-04-01 | N/A | 6.8 MEDIUM |
|
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
|
|||||
| CVE-2024-42636 | 1 Dedecms | 1 Dedecms | 2025-03-31 | N/A | 7.2 HIGH |
|
DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
|
|||||
| CVE-2023-22884 | 1 Apache | 2 Airflow, Apache-airflow-providers-mysql | 2025-03-31 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
|
|||||
| CVE-2025-25766 | 1 Mrcms | 1 Mrcms | 2025-03-28 | N/A | 4.8 MEDIUM |
|
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file.
|
|||||
| CVE-2024-12251 | 1 Telerik | 1 Ui For Winui | 2025-03-28 | N/A | 7.8 HIGH |
|
In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
|
|||||
| CVE-2025-2916 | | | 2025-03-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-44916 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 7.2 HIGH |
|
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution.
|
|||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 4.4 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
|
|||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
|
|||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
|
|||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
|
|||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
|
|||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
|
|||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
|
|||||
| CVE-2024-55461 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
|
|||||
| CVE-2023-24612 | 1 Pdfbook Project | 1 Pdfbook | 2025-03-28 | N/A | 9.8 CRITICAL |
|
The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.
|
|||||
| CVE-2024-28041 | | | 2025-03-28 | N/A | 8.8 HIGH |
|
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.
|
|||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2025-03-27 | N/A | 7.4 HIGH |
|
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function.
**Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
|
|||||
| CVE-2025-2733 | | | 2025-03-27 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-26296 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
|
|||||
| CVE-2024-26295 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
|
|||||