Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34043 | 2025-12-23 | N/A | N/A | ||
|
A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP requests. These commands are executed with the privileges of the web server process, enabling remote code execution and potential full device compromise. Exploitation evidence was observed by the Shadowserver F ...
Show More |
|||||
| CVE-2025-57516 | 1 Publiccms | 1 Publiccms | 2025-12-23 | N/A | 8.2 HIGH |
|
OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat file.
|
|||||
| CVE-2025-56120 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 Pro and 1 more | 2025-12-23 | N/A | 8.8 HIGH |
|
OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.
|
|||||
| CVE-2025-56118 | 1 Ruijie | 4 Rg-ew3200gx, Rg-ew3200gx Firmware, Rg-x60 Pro and 1 more | 2025-12-23 | N/A | 8.8 HIGH |
|
OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
|
|||||
| CVE-2025-56122 | 1 Ruijie | 6 Rg-ew1800gx, Rg-ew1800gx Firmware, Rg-ew1800gx Pro and 3 more | 2025-12-23 | N/A | 8.8 HIGH |
|
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
|
|||||
| CVE-2025-65199 | 1 Windscribe | 1 Windscribe | 2025-12-23 | N/A | 7.8 HIGH |
|
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.
|
|||||
| CVE-2023-53948 | 2025-12-23 | N/A | 9.8 CRITICAL | ||
|
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.
|
|||||
| CVE-2025-65074 | 1 Wavestore | 1 Video Management Software Server | 2025-12-22 | N/A | 7.2 HIGH |
|
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script.
This issue was fixed in version 6.44.44
|
|||||
| CVE-2025-25038 | 1 Minidvblinux | 1 Minidvblinux | 2025-12-22 | N/A | 9.8 CRITICAL |
|
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
|
|||||
| CVE-2025-64140 | 1 Jenkins | 1 Azure Cli | 2025-12-22 | N/A | 8.8 HIGH |
|
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.
|
|||||
| CVE-2018-7046 | 1 Kentico | 1 Xperience | 2025-12-19 | 9.0 HIGH | 7.2 HIGH |
|
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout
|
|||||
| CVE-2024-12847 | 1 Netgear | 2 Dgn1000, Dgn1000 Firmware | 2025-12-19 | N/A | 9.8 CRITICAL |
|
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
|
|||||
| CVE-2025-66626 | 1 Argoproj | 1 Argo Workflows | 2025-12-19 | N/A | 8.1 HIGH |
|
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 i ...
Show More |
|||||
| CVE-2025-65008 | 2025-12-19 | N/A | N/A | ||
|
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
|
|||||
| CVE-2025-11774 | 2025-12-19 | N/A | 8.2 HIGH | ||
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.2 CFR3 and prior, ...
Show More |
|||||
| CVE-2025-67172 | 1 Ritecms | 1 Ritecms | 2025-12-18 | N/A | 7.2 HIGH |
|
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.
|
|||||
| CVE-2025-68109 | 1 Churchcrm | 1 Churchcrm | 2025-12-18 | N/A | 9.1 CRITICAL |
|
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue.
|
|||||
| CVE-2023-51385 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2025-12-18 | N/A | 6.5 MEDIUM |
|
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
|
|||||
| CVE-2025-43873 | 2025-12-18 | N/A | N/A | ||
|
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.
|
|||||
| CVE-2025-68459 | 2025-12-18 | N/A | 7.2 HIGH | ||
|
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.
|
|||||
| CVE-2025-67738 | 2025-12-18 | N/A | 8.5 HIGH | ||
|
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option).
|
|||||
| CVE-2025-14586 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-12-18 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-56124 | 1 Ruijie | 4 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 Pro and 1 more | 2025-12-18 | N/A | 7.8 HIGH |
|
OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
|
|||||
| CVE-2025-56127 | 1 Ruijie | 2 Rg-bcr600w, Rg-bcr600w Firmware | 2025-12-18 | N/A | 8.8 HIGH |
|
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua.
|
|||||
| CVE-2025-67640 | 1 Jenkins | 1 Git Client | 2025-12-17 | N/A | 5.0 MEDIUM |
|
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.
|
|||||
| CVE-2025-66576 | 1 Remotecontrolio | 1 Remote Keyboard Desktop | 2025-12-17 | N/A | 9.8 CRITICAL |
|
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.
|
|||||
| CVE-2025-29269 | 1 Allnet | 2 All-rut22gw, All-rut22gw Firmware | 2025-12-16 | N/A | 9.8 CRITICAL |
|
ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.
|
|||||
| CVE-2023-53872 | 2025-12-16 | N/A | N/A | ||
|
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.
|
|||||
| CVE-2024-29189 | 1 Ansys | 1 Pyansys Geometry | 2025-12-15 | N/A | 7.4 HIGH |
|
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.
|
|||||
| CVE-2025-56129 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2025-12-15 | N/A | 8.8 HIGH |
|
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.
|
|||||
| CVE-2025-36354 | 1 Ibm | 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more | 2025-12-15 | N/A | 7.3 HIGH |
|
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0
could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.
|
|||||
| CVE-2025-13481 | 2 Ibm, Linux | 2 Aspera Orchestrator, Linux Kernel | 2025-12-15 | N/A | 8.8 HIGH |
|
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
|
|||||
| CVE-2024-58314 | 2025-12-15 | N/A | 8.8 HIGH | ||
|
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.
|
|||||
| CVE-2024-14010 | 2025-12-15 | N/A | 9.8 CRITICAL | ||
|
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.
|
|||||
| CVE-2024-58294 | 1 Sangoma | 1 Freepbx | 2025-12-15 | N/A | 8.8 HIGH |
|
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.
|
|||||
| CVE-2025-8693 | 1 Zyxel | 108 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 105 more | 2025-12-15 | N/A | 8.8 HIGH |
|
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
|
|||||
| CVE-2025-11490 | 1 Wonderwhy-er | 1 Desktopcommandermcp | 2025-12-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "The usual use case is that AI is asked to do something, picks commands itself, and typically uses simple command n ...
Show More |
|||||
| CVE-2025-11491 | 1 Wonderwhy-er | 1 Desktopcommandermcp | 2025-12-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2024-58286 | 2025-12-12 | N/A | N/A | ||
|
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.
|
|||||
| CVE-2025-34334 | 1 Audiocodes | 2 Fax Server, Interactive Voice Response | 2025-12-11 | N/A | 8.8 HIGH |
|
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run di ...
Show More |
|||||