Total
4638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-10060 | 1 Netgear | 2 Dgn2200b, Dgn2200b Firmware | 2025-09-23 | N/A | 7.2 HIGH |
| An authenticated OS command injection vulnerability exists inĀ Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored. | |||||
| CVE-2024-41788 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2025-09-23 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. | |||||
| CVE-2024-41789 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2025-09-23 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. | |||||
| CVE-2024-41790 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2025-09-23 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges. | |||||
| CVE-2025-34029 | 1 Edimax | 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware | 2025-09-23 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. | |||||
| CVE-2025-34024 | 1 Edimax | 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware | 2025-09-23 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. | |||||
| CVE-2025-30004 | 1 Xorcom | 1 Completepbx | 2025-09-23 | N/A | 9.1 CRITICAL |
| Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | |||||
| CVE-2025-22481 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 8.8 HIGH |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | |||||
| CVE-2024-50393 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | |||||
| CVE-2025-10774 | 2025-09-23 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9972 | 2025-09-23 | N/A | 9.8 CRITICAL | ||
| Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device. | |||||
| CVE-2024-37678 | 1 Finesoft Project | 1 Finesoft | 2025-09-23 | N/A | 5.3 MEDIUM |
| Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. | |||||
| CVE-2025-10775 | 2025-09-22 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48703 | 2025-09-22 | N/A | 9.0 CRITICAL | ||
| CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known. | |||||
| CVE-2025-10767 | 2025-09-22 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The attack requires a local approach. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10568 | 2025-09-22 | N/A | N/A | ||
| HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability. | |||||
| CVE-2025-30264 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-22 | N/A | 8.8 HIGH |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | |||||
| CVE-2021-42081 | 1 Osnexus | 1 Quantastor | 2025-09-22 | N/A | 9.1 CRITICAL |
| An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al | |||||
| CVE-2024-38644 | 1 Qnap | 1 Notes Station 3 | 2025-09-20 | N/A | 8.8 HIGH |
| An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | |||||
| CVE-2024-53692 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-20 | N/A | 4.7 MEDIUM |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |||||