Total
4216 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20194 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read limited files from the underlying operating system or clear the syslog and licensing logs on the affected device. | |||||
| CVE-2025-20193 | 2025-05-08 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web-based management interface. A successful exploit could allow the attacker to read files from the underlying operating system. | |||||
| CVE-2020-17384 | 1 Cellopoint | 1 Cellos | 2025-05-08 | 9.0 HIGH | 7.2 HIGH |
| Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system. | |||||
| CVE-2022-35132 | 1 Webmin | 1 Usermin | 2025-05-07 | N/A | 8.8 HIGH |
| Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | |||||
| CVE-2022-31898 | 1 Gl-inet | 4 Gl-ax1800, Gl-ax1800 Firmware, Gl-mt300n-v2 and 1 more | 2025-05-07 | N/A | 6.8 MEDIUM |
| gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | |||||
| CVE-2024-30247 | 1 Nextcloud | 1 Nextcloudpi | 2025-05-07 | N/A | 10.0 CRITICAL |
| NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1. | |||||
| CVE-2025-45042 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
| Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | |||||
| CVE-2025-26817 | 1 Netwrix | 1 Password Secure | 2025-05-07 | N/A | 9.8 CRITICAL |
| Netwrix Password Secure 9.2.0.32454 allows OS command injection. | |||||
| CVE-2024-48629 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48630 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48632 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48631 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48633 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48634 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48635 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48637 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48636 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2024-48638 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2025-05-07 | N/A | 8.0 HIGH |
| D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | |||||
| CVE-2022-37915 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. | |||||
| CVE-2024-51023 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-05-07 | N/A | 8.8 HIGH |
| D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||