Total
4737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51008 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | 8 High |
| Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2025-28219 | 1 Netgear | 2 Dc112a, Dc112a Firmware | 2025-05-02 | 9.8 Critical |
| Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request. | ||||
| CVE-2024-52021 | 1 Netgear | 5 R6400 Firmware, R7000p Firmware, R8500 and 2 more | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-52020 | 1 Netgear | 5 R6400 Firmware, R7000p Firmware, R8500 and 2 more | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-52019 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51009 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51005 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2022-37912 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2022-37902 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-29041 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-05-01 | 9.8 Critical |
| An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c | ||||
| CVE-2025-29040 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-05-01 | 9.8 Critical |
| An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c | ||||
| CVE-2023-0830 | 1 Easynas | 1 Easynas | 2025-05-01 | 6.3 Medium |
| A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2022-37900 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-01 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-31692 | 1 Drupal | 1 Artificial Intelligence | 2025-05-01 | 7.5 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. | ||||
| CVE-2022-38387 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-05-01 | 7.1 High |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. | ||||
| CVE-2024-27980 | 2025-04-30 | N/A | ||
| Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | ||||
| CVE-2022-32212 | 5 Debian, Fedoraproject, Nodejs and 2 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2025-04-30 | 8.1 High |
| A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | ||||
| CVE-2024-27516 | 1 Livehelperchat | 2 Live Helper Chat, Livehelperchat | 2025-04-30 | 9.8 Critical |
| Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. | ||||
| CVE-2024-48954 | 1 Logpoint | 2 Logpoint, Siem | 2025-04-30 | 6.4 Medium |
| An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. | ||||
| CVE-2022-41396 | 1 Tenda | 2 W15e, W15e Firmware | 2025-04-30 | 7.8 High |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. | ||||