Total: 4639 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-5340 | 1 Ruijie | 54 Rg-uac 6000-cc, Rg-uac 6000-cc Firmware, Rg-uac 6000-e10 and 51 more | 2025-08-21 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-5339 | 1 Ruijie | 54 Rg-uac 6000-cc, Rg-uac 6000-cc Firmware, Rg-uac 6000-e10 and 51 more | 2025-08-21 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-5338 | 1 Ruijie | 54 Rg-uac 6000-cc, Rg-uac 6000-cc Firmware, Rg-uac 6000-e10 and 51 more | 2025-08-21 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-39367 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2025-55589 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 6.5 MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. | |||||
CVE-2024-6184 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-6186 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-6187 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-3739 | 1 Cym1102 | 1 Nginxwebui | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. | |||||
CVE-2025-2773 | 1 Bectechnologies | 1 Router Firmware | 2025-08-21 | N/A | 7.2 HIGH |
BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903. | |||||
CVE-2024-8926 | 1 Php | 1 Php | 2025-08-19 | N/A | 8.1 HIGH |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | |||||
CVE-2025-54948 | 1 Trendmicro | 1 Apex One | 2025-08-19 | N/A | 9.4 CRITICAL |
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | |||||
CVE-2025-55284 | | | 2025-08-18 | N/A | N/A |
Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update received this fix automatically after release. Current users of Claude Code are unaffected, as versions prior to 1.0.24 are deprecated and have been forced to update. | |||||
CVE-2025-6704 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-08-18 | N/A | 9.8 CRITICAL |
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. | |||||
CVE-2024-55904 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-18 | N/A | 7.2 HIGH |
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | |||||
CVE-2023-42128 | 1 Magnetforensics | 1 Axiom | 2025-08-18 | N/A | 8.0 HIGH |
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device. The specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21255. | |||||
CVE-2025-9026 | 1 Dlink | 2 Dir-860l, Dir-860l Firmware | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-46486 | 1 Tp-link | 2 Tl-wdr5620, Tl-wdr5620 Firmware | 2025-08-15 | N/A | 8.0 HIGH |
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. | |||||
CVE-2021-30187 | 2 Codesys, Wago | 55 Runtime Toolkit, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 4.6 MEDIUM | 5.3 MEDIUM |
CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | |||||
CVE-2024-28767 | 1 Ibm | 1 Security Directory Integrator | 2025-08-15 | N/A | 6.8 MEDIUM |
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. |