Total
4242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30004 | 2025-04-01 | N/A | 9.1 CRITICAL | ||
| Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | |||||
| CVE-2025-3002 | 2025-04-01 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2025-04-01 | N/A | 7.4 HIGH |
| All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
| CVE-2022-25860 | 1 Simple-git Project | 1 Simple-git | 2025-04-01 | N/A | 8.1 HIGH |
| Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221). | |||||
| CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2025-04-01 | N/A | 7.4 HIGH |
| All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | |||||
| CVE-2022-25962 | 1 Vagrant.js Project | 1 Vagrant.js | 2025-04-01 | N/A | 7.4 HIGH |
| All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. | |||||
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2025-04-01 | N/A | 7.4 HIGH |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |||||
| CVE-2024-36491 | 1 Centurysys | 31 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120\/c and 28 more | 2025-04-01 | N/A | 9.8 CRITICAL |
| FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition. | |||||
| CVE-2022-37061 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-03-31 | N/A | 9.8 CRITICAL |
| All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges. | |||||
| CVE-2024-25468 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-28 | N/A | 7.5 HIGH |
| An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | |||||
| CVE-2024-57687 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
| An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter. | |||||
| CVE-2024-49563 | 2025-03-28 | N/A | 7.8 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges. | |||||
| CVE-2025-24382 | 2025-03-28 | N/A | 7.3 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |||||
| CVE-2024-49601 | 2025-03-28 | N/A | 7.3 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |||||
| CVE-2025-24379 | 2025-03-28 | N/A | 7.8 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2025-24383 | 2025-03-28 | N/A | 9.1 CRITICAL | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2025-23383 | 2025-03-28 | N/A | 7.8 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. | |||||
| CVE-2024-49564 | 2025-03-28 | N/A | 7.8 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges. | |||||
| CVE-2025-24377 | 2025-03-28 | N/A | 7.8 HIGH | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. | |||||
| CVE-2025-22398 | 2025-03-28 | N/A | 9.8 CRITICAL | ||
| Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity. | |||||