Total
2387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | |||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | |||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | |||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | |||||
| CVE-2024-55461 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
| SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). | |||||
| CVE-2024-28041 | 2025-03-28 | N/A | 8.8 HIGH | ||
| HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. | |||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2025-03-27 | N/A | 7.4 HIGH |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||
| CVE-2025-2733 | 2025-03-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in mannaandpoem OpenManus up to 2025.3.13. This affects an unknown part of the file app/tool/python_execute.py of the component Prompt Handler. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-26296 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-26295 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-26297 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-26298 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2024-26294 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2025-25274 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | |||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2025-03-27 | N/A | 7.4 HIGH |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | |||||
| CVE-2024-27818 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2024-23247 | 1 Apple | 1 Macos | 2025-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-23333 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. | |||||
| CVE-2021-31575 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | |||||
| CVE-2021-31574 | 1 Mediatek | 4 En7528, En7528 Firmware, En7580 and 1 more | 2025-03-26 | N/A | 9.8 CRITICAL |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | |||||