Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39086 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | |||||
| CVE-2022-39085 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | N/A | 6.7 MEDIUM |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | |||||
| CVE-2024-48153 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | |||||
| CVE-2024-30891 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | |||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | N/A | 7.4 HIGH |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||||
| CVE-2025-22912 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | |||||
| CVE-2025-22949 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | |||||
| CVE-2025-27083 | 2025-04-09 | N/A | 7.2 HIGH | ||
| Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2024-32282 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 6.3 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | |||||
| CVE-2024-34204 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||||
| CVE-2024-34206 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 6.5 MEDIUM |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||
| CVE-2024-35340 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | N/A | 8.6 HIGH |
| Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. | |||||
| CVE-2007-3010 | 1 Al-enterprise | 1 Omnipcx Enterprise Communication Server | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | |||||
| CVE-2024-22544 | 1 Linksys | 2 E1700, E1700 Firmware | 2025-04-08 | N/A | 8.0 HIGH |
| An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. | |||||
| CVE-2023-36805 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-08 | N/A | 7.0 HIGH |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-22671 | 1 Nsa | 1 Ghidra | 2025-04-07 | N/A | 9.8 CRITICAL |
| Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | |||||
| CVE-2025-25791 | 1 Yzncms | 1 Yzncms | 2025-04-07 | N/A | 4.4 MEDIUM |
| An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. | |||||
| CVE-2024-51772 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | N/A | 6.4 MEDIUM |
| An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | |||||