ReportizFlow
Filtered by vendor
Subscriptions
Total
3469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2094 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2095 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2096 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-55030 | 1 Nasa | 1 Fprime | 2025-04-03 | 9.8 Critical |
| A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | ||||
| CVE-2024-25850 | 1 Netis-systems | 2 Wf2780, Wf2780 Firmware | 2025-04-03 | 9.8 Critical |
| Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter | ||||
| CVE-2025-29226 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 6.3 Medium |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. | ||||
| CVE-2025-29227 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 6.3 Medium |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. | ||||
| CVE-2025-29230 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 8.6 High |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter. | ||||
| CVE-2025-29223 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 6.3 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. | ||||
| CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2025-04-01 | 7.4 High |
| All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
| CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2025-04-01 | 7.4 High |
| All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | ||||
| CVE-2024-28353 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 8.8 High |
| There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges. | ||||
| CVE-2024-28354 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 10.0 Critical |
| There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges. | ||||
| CVE-2022-25962 | 1 Vagrant.js Project | 1 Vagrant.js | 2025-04-01 | 7.4 High |
| All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. | ||||
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2025-04-01 | 7.4 High |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | ||||
| CVE-2024-22546 | 1 Trendnet | 2 Tew-815dap, Tew-815dap Firmware | 2025-04-01 | 6.4 Medium |
| TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. | ||||
| CVE-2023-51835 | 1 Trendnet | 2 Tew-822dre, Tew-822dre Firmware | 2025-04-01 | 6.8 Medium |
| An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. | ||||
| CVE-2024-42636 | 1 Dedecms | 1 Dedecms | 2025-03-31 | 7.2 High |
| DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. | ||||
| CVE-2023-22884 | 1 Apache | 2 Airflow, Apache-airflow-providers-mysql | 2025-03-31 | 9.8 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | ||||
| CVE-2025-25766 | 1 Mrcms | 1 Mrcms | 2025-03-28 | 4.8 Medium |
| An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | ||||