Total
2764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10035 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-10-24 | N/A | 10.0 CRITICAL |
| A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. | |||||
| CVE-2024-12356 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2025-10-24 | N/A | 9.8 CRITICAL |
| A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | |||||
| CVE-2025-10020 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-10-24 | N/A | 8.5 HIGH |
| Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. | |||||
| CVE-2024-41153 | 1 Hitachienergy | 6 Tro610, Tro610 Firmware, Tro620 and 3 more | 2025-10-24 | N/A | 7.2 HIGH |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | |||||
| CVE-2025-57164 | 1 Flowiseai | 1 Flowise | 2025-10-23 | N/A | 6.5 MEDIUM |
| Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field. | |||||
| CVE-2025-41721 | 2025-10-22 | N/A | 2.7 LOW | ||
| A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate. | |||||
| CVE-2025-57521 | 2025-10-22 | N/A | 6.1 MEDIUM | ||
| Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a malicious component in the expected location, which is controllable by the attacker (e.g., under %APPDATA%), resulting in code execution within the context of the user. The main application is digitally signed, which may allow a malicious component to inherit trust and evade detection by security solutions that rely on signed parent processes. | |||||
| CVE-2025-56799 | 2025-10-22 | N/A | 6.5 MEDIUM | ||
| Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself. | |||||
| CVE-2025-4231 | 1 Paloaltonetworks | 1 Pan-os | 2025-10-22 | N/A | 7.2 HIGH |
| A command injection vulnerability in Palo Alto Networks PAN-OSĀ® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||||
| CVE-2010-4345 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-10-22 | 6.9 MEDIUM | 7.8 HIGH |
| Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. | |||||
| CVE-2007-3010 | 1 Al-enterprise | 1 Omnipcx Enterprise Communication Server | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | |||||
| CVE-2005-2773 | 1 Hp | 1 Openview Network Node Manager | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | |||||
| CVE-2020-25079 | 1 Dlink | 18 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 15 more | 2025-10-22 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | |||||
| CVE-2017-6327 | 1 Symantec | 1 Message Gateway | 2025-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. | |||||
| CVE-2016-6367 | 1 Cisco | 30 Adaptive Security Appliance Software, Asa 5500, Asa 5500-x and 27 more | 2025-10-22 | 6.8 MEDIUM | 7.8 HIGH |
| Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | |||||
| CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2025-10-22 | N/A | 9.8 CRITICAL |
| D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | |||||
| CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2010-5330 | 1 Ui | 1 Airos | 2025-10-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. | |||||
| CVE-2025-59689 | 1 Libraesva | 1 Email Security Gateway | 2025-10-21 | N/A | 6.1 MEDIUM |
| Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7. | |||||