Total
2853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46735 | 2025-05-07 | N/A | ||
| Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_record` resource did not sanitize the input variables. This could lead to authenticated command injection in the underlyding powershell command prompt. Version 1.0.5 contains a fix for the issue. | ||||
| CVE-2025-26262 | 2025-05-07 | 6.5 Medium | ||
| An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. | ||||
| CVE-2024-29435 | 1 Alldata | 1 Alldata | 2025-05-07 | 4.1 Medium |
| An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. | ||||
| CVE-2025-28017 | 1 Totolink | 2 A800r, A800r Firmware | 2025-05-06 | 6.5 Medium |
| TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. | ||||
| CVE-2024-22061 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 9.8 Critical |
| A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | ||||
| CVE-2023-49959 | 1 Indu-sol | 1 Profinet-inspektor Nt | 2025-05-05 | 9.8 Critical |
| In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/start_update endpoint. | ||||
| CVE-2018-9866 | 1 Sonicwall | 1 Global Management System | 2025-05-05 | 9.8 Critical |
| A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. | ||||
| CVE-2020-10826 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-05-05 | 9.8 Critical |
| /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | ||||
| CVE-2023-26801 | 1 Lb-link | 8 Bl-ac1900, Bl-ac1900 Firmware, Bl-lte300 and 5 more | 2025-05-05 | 9.8 Critical |
| LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. | ||||
| CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-05 | 9.8 Critical |
| D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | ||||
| CVE-2024-20676 | 1 Microsoft | 1 Azure Storage Mover | 2025-05-03 | 8 High |
| Azure Storage Mover Remote Code Execution Vulnerability | ||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2025-05-03 | 7.5 High |
| Outlook for Android Information Disclosure Vulnerability | ||||
| CVE-2024-21322 | 1 Microsoft | 1 Defender For Iot | 2025-05-03 | 7.2 High |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
| CVE-2025-4076 | 2025-05-02 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-37385 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2025-05-01 | 9.8 Critical |
| Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. | ||||
| CVE-2023-0830 | 1 Easynas | 1 Easynas | 2025-05-01 | 6.3 Medium |
| A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2025-28145 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. | ||||
| CVE-2025-28143 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. | ||||
| CVE-2025-28142 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-01 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. | ||||
| CVE-2024-27980 | 2025-04-30 | N/A | ||
| Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | ||||