Total
4300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||||
| CVE-2022-45996 | 1 Tenda | 2 W15e, W20e Firmware | 2025-04-22 | N/A | 7.2 HIGH |
| Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. | |||||
| CVE-2022-45977 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | |||||
| CVE-2024-50993 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | 8.0 HIGH |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-24431 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. | |||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 7.2 HIGH |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | |||||
| CVE-2022-42139 | 1 Deltaww | 2 Dvw-w02w2-e2, Dvw-w02w2-e2 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | |||||
| CVE-2024-57542 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. | |||||
| CVE-2022-45005 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. | |||||
| CVE-2025-30286 | 1 Adobe | 1 Coldfusion | 2025-04-21 | N/A | 8.4 HIGH |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed. | |||||
| CVE-2022-46634 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-21 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | |||||
| CVE-2022-46631 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-21 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | |||||
| CVE-2025-3816 | 2025-04-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-7175 | 1 Nfsen | 1 Nfsen | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
| NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | |||||
| CVE-2017-11318 | 1 Cobiansoft | 1 Cobian Backup | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | |||||
| CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | |||||
| CVE-2017-17888 | 1 Hoytech | 1 Antiweb | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | |||||
| CVE-2014-8389 | 1 Airlive | 10 Bu-2015, Bu-2015 Firmware, Bu-3026 and 7 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | |||||
| CVE-2017-9828 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. | |||||
| CVE-2017-9483 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. | |||||