Total
4598 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
| The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
| CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | |||||
| CVE-2014-7253 | 1 Fujitsu | 4 Arrows Kiss F-03d, Arrows Tab Lte F-01d, F-12c and 1 more | 2025-04-12 | 7.2 HIGH | N/A |
| FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-2935 | 1 Caldera | 1 Caldera | 2025-04-12 | 10.0 HIGH | N/A |
| costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. | |||||
| CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2025-04-12 | 7.5 HIGH | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2025-0255 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 7.2 HIGH |
| HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | |||||
| CVE-2022-46598 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | N/A | 9.8 CRITICAL |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | |||||
| CVE-2022-46597 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | N/A | 9.8 CRITICAL |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | |||||
| CVE-2025-0127 | 2025-04-11 | N/A | N/A | ||
| A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | |||||
| CVE-2025-32107 | 2025-04-11 | N/A | 8.0 HIGH | ||
| OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device. | |||||
| CVE-2024-51246 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-11 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. | |||||
| CVE-2024-51249 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-11 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. | |||||
| CVE-2024-3191 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307. | |||||
| CVE-2023-44415 | 1 Dlink | 4 Dir-1260, Dir-1260 Firmware, Dir-2150 and 1 more | 2025-04-11 | N/A | 8.0 HIGH |
| D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19946. | |||||
| CVE-2024-3196 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-11 | 6.5 MEDIUM | 6.7 MEDIUM |
| A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312. | |||||
| CVE-2010-0418 | 1 Chumby | 2 Chumby Classic, Chumby One | 2025-04-11 | 10.0 HIGH | N/A |
| The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | |||||
| CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | |||||
| CVE-2012-4361 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2025-04-11 | 7.7 HIGH | N/A |
| lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. | |||||
| CVE-2013-5667 | 1 Thecus | 2 N8800 Nas Server, N8800 Nas Server Firmware | 2025-04-11 | 10.0 HIGH | N/A |
| The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. | |||||
| CVE-2013-0928 | 1 Emc | 1 Alphastor | 2025-04-11 | 9.3 HIGH | N/A |
| The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | |||||