Total
2295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28017 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. | |||||
| CVE-2023-51707 | 1 Arraynetworks | 3 Ag, Arrayos Ag, Vxag | 2025-04-23 | N/A | 9.8 CRITICAL |
| MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. | |||||
| CVE-2024-25082 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-04-23 | N/A | 6.5 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. | |||||
| CVE-2024-25081 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-04-23 | N/A | 4.2 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted filenames. | |||||
| CVE-2024-40110 | 1 Nikhil-bhalerao | 1 Poultry Farm Management System | 2025-04-23 | N/A | 9.8 CRITICAL |
| Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. | |||||
| CVE-2024-40445 | 2025-04-23 | N/A | 7.3 HIGH | ||
| Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload | |||||
| CVE-2025-29743 | 2025-04-23 | N/A | 6.5 MEDIUM | ||
| D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. | |||||
| CVE-2025-43948 | 2025-04-23 | N/A | 7.3 HIGH | ||
| Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input value for a parameter or qualifier (such as for sorting), which will get executed on the server side. | |||||
| CVE-2024-54802 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. | |||||
| CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.1 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-31702 | 1 Vmware | 1 Vrealize Network Insight | 2025-04-22 | N/A | 9.8 CRITICAL |
| vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. | |||||
| CVE-2025-29209 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
| TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. | |||||
| CVE-2022-46404 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-04-22 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. | |||||
| CVE-2022-44832 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | |||||
| CVE-2024-57536 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.0 HIGH |
| Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. | |||||
| CVE-2024-57539 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.2 HIGH |
| Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. | |||||
| CVE-2024-35241 | 2025-04-21 | N/A | 8.8 HIGH | ||
| Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. | |||||
| CVE-2024-46089 | 2025-04-21 | N/A | 6.3 MEDIUM | ||
| 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. | |||||
| CVE-2025-3816 | 2025-04-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-8135 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||