Total: 2354 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-3010 | 1 Al-enterprise | 1 Omnipcx Enterprise Communication Server | 2025-04-09 | 9.8 Critical |
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | ||||
CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2025-04-09 | N/A |
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | ||||
CVE-2024-22544 | 1 Linksys | 2 E1700, E1700 Firmware | 2025-04-08 | 8.0 High |
An issue discovered in Linksys Router E1700 version 1.0.04 (build 3) allows authenticated attackers to execute arbitrary code via the setDateTime function. | ||||
CVE-2023-36805 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-08 | 7 High |
Windows MSHTML Platform Security Feature Bypass Vulnerability | ||||
CVE-2023-22671 | 1 Nsa | 1 Ghidra | 2025-04-07 | 9.8 Critical |
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | ||||
CVE-2025-25791 | 1 Yzncms | 1 Yzncms | 2025-04-07 | 4.4 Medium |
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. | ||||
CVE-2023-0315 | 1 Froxlor | 1 Froxlor | 2025-04-07 | 8.8 High |
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | ||||
CVE-2024-51772 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | 6.4 Medium |
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | ||||
CVE-2024-53672 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | 4.7 Medium |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | ||||
CVE-2024-51771 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | 7.2 High |
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. | ||||
CVE-2025-29062 | | | 2025-04-07 | 9.8 Critical |
An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. | ||||
CVE-2025-29063 | | | 2025-04-07 | 9.8 Critical |
An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg, which is not handled properly. | ||||
CVE-2025-3249 | | | 2025-04-07 | 6.3 Medium |
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-10697 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-05 | 6.3 Medium |
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-36783 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-04 | 9.8 Critical |
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. | ||||
CVE-2024-30572 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 8 High |
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. | ||||
CVE-2025-25604 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 6.5 Medium |
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. | ||||
CVE-2025-25605 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-04-04 | 6.5 Medium |
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. | ||||
CVE-2025-25768 | 1 Mrcms | 1 Mrcms | 2025-04-04 | 5.4 Medium |
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | ||||
CVE-2022-21191 | 1 Global-modules-path Project | 1 Global-modules-path | 2025-04-04 | 7.4 High |
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection because the getPath function lacks input sanitization or other checks and sandboxing. |