ReportizFlow
Filtered by vendor
Subscriptions
Total
5816 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5440 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-07-02 | 6.3 Medium |
| A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50201 | 1 Wegia | 1 Wegia | 2025-07-02 | 9.8 Critical |
| WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2. | ||||
| CVE-2025-5447 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-07-02 | 6.3 Medium |
| A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6897 | 1 Dlink | 2 Di-7300g\+, Di-7300g\+ Firmware | 2025-07-01 | 5.5 Medium |
| A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-26023 | 2 Buffalo, Buffalo Inc | 15 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-1166dhp and 12 more | 2025-06-30 | 4.2 Medium |
| OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. | ||||
| CVE-2025-6618 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6619 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6620 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6621 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1369 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 4.5 Medium |
| A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1370 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5441 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-25 | 6.3 Medium |
| A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5442 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5446 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-25 | 6.3 Medium |
| A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42922 | 1 Aapanel | 1 Aapanel | 2025-06-25 | 6.5 Medium |
| AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. | ||||
| CVE-2023-4873 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2025-06-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-31482 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-06-24 | 5.3 Medium |
| An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point. | ||||
| CVE-2024-31481 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-06-24 | 5.3 Medium |
| Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service. | ||||
| CVE-2024-31480 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-06-24 | 5.3 Medium |
| Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service. | ||||
| CVE-2024-31479 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-06-24 | 5.3 Medium |
| Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service. | ||||