Total
789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35374 | 1 Mocodo | 1 Mocodo Online | 2025-06-10 | N/A | 9.8 CRITICAL |
| Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions. | |||||
| CVE-2024-22729 | 1 Netis-systems | 2 Mw5360, Mw5360 Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | |||||
| CVE-2024-22529 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | |||||
| CVE-2025-45800 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. | |||||
| CVE-2024-46256 | 1 Jc21 | 1 Nginx Proxy Manager | 2025-06-03 | N/A | 9.8 CRITICAL |
| A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. | |||||
| CVE-2023-48842 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. | |||||
| CVE-2025-44084 | 1 Dlink | 2 Di-8100, Di-8100g Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. | |||||
| CVE-2024-22663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | |||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | |||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | |||||
| CVE-2024-57590 | 1 Trendnet | 2 Tew-632brp, Tew-632brp Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
| TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. | |||||
| CVE-2023-49437 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-05-28 | N/A | 9.8 CRITICAL |
| Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | |||||
| CVE-2023-40301 | 1 Netscout | 1 Ngeniuspulse | 2025-05-28 | N/A | 9.8 CRITICAL |
| NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | |||||
| CVE-2024-37642 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 9.1 CRITICAL |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . | |||||
| CVE-2025-44877 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44872 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-55062 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-24 | N/A | 9.8 CRITICAL |
| Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/. | |||||
| CVE-2022-40100 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | N/A | 9.8 CRITICAL |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | |||||
| CVE-2024-33344 | 1 Dlink | 2 Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2025-45798 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-05-19 | N/A | 9.8 CRITICAL |
| A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter. | |||||