Total
2762 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44015 | 2025-09-02 | N/A | ||
| A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later | ||||
| CVE-2025-29887 | 2025-09-02 | N/A | ||
| A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later | ||||
| CVE-2025-30264 | 2025-09-02 | N/A | ||
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | ||||
| CVE-2025-9727 | 1 D-link | 1 Dir-816l | 2025-09-02 | 6.3 Medium |
| A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-7700 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2025-08-30 | 6.5 Medium |
| A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. | ||||
| CVE-2024-2947 | 1 Redhat | 1 Enterprise Linux | 2025-08-30 | 7.3 High |
| A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. | ||||
| CVE-2025-9585 | 2025-08-29 | 6.3 Medium | ||
| A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9654 | 2025-08-29 | 6.3 Medium | ||
| A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve this issue. The patch is named cd2566a948b696501abfa6c6b03462cac5fb43d8. It is advisable to upgrade the affected component. | ||||
| CVE-2025-9584 | 2025-08-29 | 6.3 Medium | ||
| A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-9583 | 2025-08-29 | 6.3 Medium | ||
| A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9586 | 2025-08-29 | 6.3 Medium | ||
| A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. | ||||
| CVE-2025-48979 | 2025-08-29 | 3.4 Low | ||
| An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. | ||||
| CVE-2025-9528 | 1 Linksys | 1 E1700 | 2025-08-29 | 4.7 Medium |
| A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-30258 | 1 Magnussolution | 1 Magnusbilling | 2025-08-29 | 9.8 Critical |
| Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | ||||
| CVE-2024-13129 | 1 Roxy-wi | 1 Roxy-wi | 2025-08-28 | 8.8 High |
| A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component. | ||||
| CVE-2025-1546 | 2025-08-28 | 7.3 High | ||
| A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the argument start_code leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1137 | 1 Ibm | 2 Spectrum Scale Container Native Storage Access, Storage Scale | 2025-08-28 | 7.5 High |
| IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. | ||||
| CVE-2024-30220 | 1 Planex | 4 Mzk-mf300hp2, Mzk-mf300hp2 Firmware, Mzk-mf300n and 1 more | 2025-08-27 | 8.8 High |
| Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided. | ||||
| CVE-2024-39571 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 8.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. | ||||
| CVE-2024-39570 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 8.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. | ||||