Total
3944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25220 | 2025-03-18 | N/A | 8.8 HIGH | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker. | |||||
| CVE-2025-24306 | 2025-03-18 | N/A | 7.2 HIGH | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege. | |||||
| CVE-2024-57011 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-17 | N/A | 8.8 HIGH |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. | |||||
| CVE-2023-5002 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-03-17 | N/A | 6.0 MEDIUM |
| A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | |||||
| CVE-2025-30076 | 2025-03-17 | N/A | 7.7 HIGH | ||
| Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. | |||||
| CVE-2024-35519 | 1 Netgear | 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more | 2025-03-17 | N/A | 8.4 HIGH |
| Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | |||||
| CVE-2024-48826 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | N/A | 8.8 HIGH |
| Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | |||||
| CVE-2024-48825 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | N/A | 8.8 HIGH |
| Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | |||||
| CVE-2025-2367 | 2025-03-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2019-20500 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2025-03-14 | 7.2 HIGH | 7.8 HIGH |
| D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | |||||
| CVE-2021-27104 | 1 Accellion | 1 Fta | 2025-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. | |||||
| CVE-2018-9276 | 1 Paessler | 1 Prtg Network Monitor | 2025-03-14 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. | |||||
| CVE-2020-10221 | 1 Rconfig | 1 Rconfig | 2025-03-14 | 9.0 HIGH | 8.8 HIGH |
| lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | |||||
| CVE-2017-6884 | 1 Zyxel | 2 Emg2926, Emg2926 Firmware | 2025-03-14 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | |||||
| CVE-2018-11138 | 1 Quest | 1 Kace System Management Appliance | 2025-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | |||||
| CVE-2022-44877 | 1 Control-webpanel | 1 Webpanel | 2025-03-14 | N/A | 9.8 CRITICAL |
| login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | |||||
| CVE-2019-15107 | 1 Webmin | 1 Webmin | 2025-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | |||||
| CVE-2019-12991 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2025-03-14 | 9.0 HIGH | 8.8 HIGH |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | |||||
| CVE-2018-14839 | 1 Lg | 2 N1a1, N1a1 Firmware | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | |||||
| CVE-2019-11001 | 1 Reolink | 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more | 2025-03-14 | 9.0 HIGH | 7.2 HIGH |
| On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | |||||