Total
4216 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27516 | 1 Livehelperchat | 1 Live Helper Chat | 2025-04-30 | N/A | 9.8 CRITICAL |
| Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. | |||||
| CVE-2024-48954 | 1 Logpoint | 1 Siem | 2025-04-30 | N/A | 6.4 MEDIUM |
| An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. | |||||
| CVE-2022-42053 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2025-04-30 | N/A | 7.8 HIGH |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | |||||
| CVE-2022-41396 | 1 Tenda | 2 W15e, W15e Firmware | 2025-04-30 | N/A | 7.8 HIGH |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. | |||||
| CVE-2022-41395 | 1 Tenda | 2 W15e, W15e Firmware | 2025-04-30 | N/A | 7.8 HIGH |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | |||||
| CVE-2022-40847 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2025-04-30 | N/A | 7.8 HIGH |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. | |||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-04-29 | N/A | 6.7 MEDIUM |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | |||||
| CVE-2025-3729 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9053 | 1 Vllm-project | 1 Vllm | 2025-04-29 | N/A | 9.8 CRITICAL |
| vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data. | |||||
| CVE-2025-28137 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||||
| CVE-2025-28034 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter. | |||||
| CVE-2022-41131 | 1 Apache | 2 Airflow, Apache-airflow-providers-apache-hive | 2025-04-29 | N/A | 7.8 HIGH |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). | |||||
| CVE-2025-28035 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||||
| CVE-2025-28036 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||||
| CVE-2025-28037 | 1 Totolink | 4 A810r, A810r Firmware, A950rg and 1 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter. | |||||
| CVE-2025-28038 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. | |||||
| CVE-2025-28039 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. | |||||
| CVE-2022-44844 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | |||||
| CVE-2022-44843 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | |||||
| CVE-2022-45461 | 3 Linux, Opengroup, Veritas | 3 Linux Kernel, Unix, Netbackup | 2025-04-29 | N/A | 7.5 HIGH |
| The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | |||||