Total
2846 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10323 | 1 Wavlink | 2 Wl-wn578w2, Wl-wn578w2 Firmware | 2025-10-02 | 7.3 High |
| A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10324 | 1 Wavlink | 2 Wl-wn578w2, Wl-wn578w2 Firmware | 2025-10-02 | 7.3 High |
| A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9583 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9584 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-9585 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9586 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. | ||||
| CVE-2025-61584 | 1 Serverless-dns | 1 Serverless-dns | 2025-10-02 | N/A |
| serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the github.event.pull_request.head.repo.clone_url and github.head_ref, to a command in the runner. Due to the action using the pull_request_target trigger it has permissive permissions by default. An unauthorized attacker can exploit this vulnerability to push arbitrary data to the repository. The subsequent impact on the end-user is executing the attackers' code when running serverless-dns. This is fixed in commit c5537dd, and expected to be released in 0.1.31. | ||||
| CVE-2025-11092 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11095 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-11096 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2025-11097 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11098 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2025-11099 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-11100 | 2 D-link, Dlink | 3 Dir-823x, Dir-823x, Dir-823x Firmware | 2025-10-02 | 6.3 Medium |
| A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-45512 | 1 Denx | 1 U-boot | 2025-10-02 | 6.5 Medium |
| A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. | ||||
| CVE-2025-57105 | 1 Dlink | 3 Di-7400g+, Di-7400g\+, Di-7400g\+ Firmware | 2025-10-02 | 9.8 Critical |
| The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host. | ||||
| CVE-2025-9727 | 2 D-link, Dlink | 3 Dir-816l, Dir-816l, Dir-816l Firmware | 2025-10-01 | 6.3 Medium |
| A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-29523 | 2 D-link, Dlink | 3 Dsl-7740c, Dsl-7740c, Dsl-7740c Firmware | 2025-10-01 | 7.2 High |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. | ||||
| CVE-2025-43012 | 1 Jetbrains | 1 Toolbox | 2025-10-01 | 8.3 High |
| In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | ||||
| CVE-2025-3816 | 1 Westboy | 1 Cicadascms | 2025-10-01 | 4.7 Medium |
| A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||