Total
789 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-53104 | | | 2025-07-03 | N/A | 9.1 CRITICAL |
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly interpolated into shell commands in a run: block. An attacker could craft a malicious GitHub Discussion title or body (e.g., $(curl ...)) to execute arbitrary shell commands on the Actions runner. This issue has been fixed in commit e6b4271 where the discussion-to-slack.yml workflow was removed. Users should remove the discussion-to-slack.yml workflow if using a fork or derivative of this repository. | |||||
CVE-2024-54794 | 1 Eng | 1 Spagobi | 2025-07-03 | N/A | 9.1 CRITICAL |
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. | |||||
CVE-2025-37096 | 1 Hpe | 1 Storeonce System | 2025-07-02 | N/A | 9.8 CRITICAL |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
CVE-2025-37089 | 1 Hpe | 1 Storeonce System | 2025-07-02 | N/A | 9.8 CRITICAL |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
CVE-2025-37092 | 1 Hpe | 1 Storeonce System | 2025-07-02 | N/A | 9.8 CRITICAL |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | |||||
CVE-2024-3566 | 7 Golang, Haskell, Microsoft and 4 more | 7 Go, Process Library, Windows and 4 more | 2025-06-25 | N/A | 9.8 CRITICAL |
A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied. | |||||
CVE-2024-24321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | |||||
CVE-2023-51887 | 1 Ctan | 1 Mathtex | 2025-06-20 | N/A | 9.8 CRITICAL |
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | |||||
CVE-2023-51126 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | |||||
CVE-2023-49237 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. | |||||
CVE-2023-31446 | 1 Cassianetworks | 4 Xc1000, Xc1000 Firmware, Xc2000 and 1 more | 2025-06-20 | N/A | 9.8 CRITICAL |
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup. | |||||
CVE-2024-23049 | 1 B3log | 1 Symphony | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | |||||
CVE-2023-52027 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | |||||
CVE-2024-29385 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | N/A | 9.0 CRITICAL |
DIR-845L router <= v1.01KRb03 has an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function. | |||||
CVE-2024-29864 | 1 89luca89 | 1 Distrobox | 2025-06-17 | N/A | 9.8 CRITICAL |
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. | |||||
CVE-2025-22941 | 1 Adtran | 2 411, 411 Firmware | 2025-06-13 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||
CVE-2025-44868 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2025-06-13 | N/A | 9.8 CRITICAL |
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2025-22939 | 1 Adtran | 2 411, 411 Firmware | 2025-06-12 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||
CVE-2023-45498 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-06-12 | N/A | 9.8 CRITICAL |
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | |||||
CVE-2024-33789 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. |