Total
2537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30850 | 1 Tiagorlampert | 1 Chaos | 2025-06-17 | N/A | 8.8 HIGH |
| An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go | |||||
| CVE-2025-49823 | 2025-06-17 | N/A | N/A | ||
| (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3. | |||||
| CVE-2025-5515 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5504 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5695 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-23049 | 1 B3log | 1 Symphony | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | |||||
| CVE-2024-29269 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | |||||
| CVE-2023-52027 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | |||||
| CVE-2024-29366 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. | |||||
| CVE-2025-25504 | 1 Niceforyou | 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges. | |||||
| CVE-2024-29385 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | N/A | 9.0 CRITICAL |
| DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. | |||||
| CVE-2024-29864 | 1 89luca89 | 1 Distrobox | 2025-06-17 | N/A | 9.8 CRITICAL |
| Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. | |||||
| CVE-2023-51295 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-06-16 | N/A | 6.5 MEDIUM |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||
| CVE-2025-5126 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6102 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-22237 | 2025-06-16 | N/A | 6.7 MEDIUM | ||
| An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process. | |||||
| CVE-2025-6103 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6104 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4231 | 2025-06-16 | N/A | N/A | ||
| A command injection vulnerability in Palo Alto Networks PAN-OSĀ® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2025-27954 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. | |||||