Total
2950 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52377 | 2025-07-15 | 5.4 Medium | ||
| Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality, specifically in the /web/um_ping_set.cgi endpoint. The application fails to properly sanitize user input in the `Ping_host_text` parameter before passing it to the underlying system command, allowing attackers to inject and execute arbitrary shell commands as the root user. | ||||
| CVE-2025-7525 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-15 | 6.3 Medium |
| A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7524 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-15 | 6.3 Medium |
| A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5492 | 1 Dlink | 2 Di-500wf-wt, Di-500wf-wt Firmware | 2025-07-15 | 6.3 Medium |
| A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely. | ||||
| CVE-2025-5571 | 2 D-link, Dlink | 3 Dcs-932l, Dcs-932l, Dcs-932l Firmware | 2025-07-15 | 6.3 Medium |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-51650 | 1 Qianfox | 1 Foxcms | 2025-07-15 | 5.6 Medium |
| An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file. | ||||
| CVE-2025-3621 | 2025-07-15 | 9.6 Critical | ||
| Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elements used in a Command ('Command Injection') * Use of Hard-coded Credentials * Improper Authentication * Binding to an Unrestricted IP Address The vulnerability has been rated as critical.This issue affects ActADUR: from v2.0.1.9 before v2.0.2.0., hence updating to version v2.0.2.0. or above is required. | ||||
| CVE-2025-7578 | 2025-07-15 | 5 Medium | ||
| A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22473 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-22472 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges. | ||||
| CVE-2024-48017 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 6.5 Medium |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2024-48015 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 6.7 Medium |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2024-48830 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2025-6899 | 2 D-link, Dlink | 6 Di-7300g+, Di-8200g, Di-7300g\+ and 3 more | 2025-07-14 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6898 | 2 D-link, Dlink | 3 Di-7300g+, Di-7300g\+, Di-7300g\+ Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6896 | 2 D-link, Dlink | 3 Di-7300g+, Di-7300g\+, Di-7300g\+ Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7192 | 2 D-link, Dlink | 3 Dir-645, Dir-645, Dir-645 Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-45931 | 2 D-link, Dlink | 3 Dir-816 A2, Dir-816, Dir-816 Firmware | 2025-07-13 | 9.8 Critical |
| An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | ||||
| CVE-2025-1229 | 1 Olajowon | 1 Loggrove | 2025-07-13 | 6.3 Medium |
| A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2023-5878 | 1 Honeywell | 1 Onewireless Network Wireless Device Manager | 2025-07-13 | N/A |
| Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product2. | ||||