Total: 2356 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-46089 | 1 74cms | 1 74cms | 2025-05-28 | N/A | 6.3 MEDIUM |
74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. | |||||
CVE-2025-1845 | 1 Esafenet | 1 Dsm | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-49437 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-05-28 | N/A | 9.8 CRITICAL |
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | |||||
CVE-2023-40301 | 1 Netscout | 1 Ngeniuspulse | 2025-05-28 | N/A | 9.8 CRITICAL |
NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | |||||
CVE-2022-37881 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2022-37879 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
CVE-2025-44835 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2025-05-28 | N/A | 6.3 MEDIUM |
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. | |||||
CVE-2025-3249 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4009 | | | 2025-05-28 | N/A | N/A |
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others. | |||||
CVE-2025-0528 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac18 and 3 more | 2025-05-28 | 8.3 HIGH | 7.2 HIGH |
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-44864 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | N/A | 6.3 MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2025-44865 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | N/A | 6.3 MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2025-44866 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | N/A | 6.3 MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2025-44867 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | N/A | 6.3 MEDIUM |
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2024-37642 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 9.1 CRITICAL |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck. | |||||
CVE-2024-38903 | 1 H3c | 2 Magic R230, Magic R230 Firmware | 2025-05-27 | N/A | 4.1 MEDIUM |
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. | |||||
CVE-2025-46625 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | N/A | 8.8 HIGH |
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device. | |||||
CVE-2025-44877 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2025-44872 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2024-55062 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-24 | N/A | 9.8 CRITICAL |
Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/. |