Total
5071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44149 | 1 Nexxtsolutions | 2 Amp300, Amp300 Firmware | 2025-04-09 | 8.8 High |
| The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required | ||||
| CVE-2025-25053 | 2025-04-09 | 8.8 High | ||
| OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product. | ||||
| CVE-2025-27797 | 2025-04-09 | 9.8 Critical | ||
| OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product. | ||||
| CVE-2023-51699 | 1 Linuxfoundation | 1 Fluid | 2025-04-09 | 4 Medium |
| Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data. Users who're using versions < 0.9.3 with JuicefsRuntime should upgrade to v0.9.3. | ||||
| CVE-2022-36926 | 1 Zoom | 1 Rooms | 2025-04-09 | 8.8 High |
| Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | ||||
| CVE-2022-43971 | 1 Linksys | 2 Wumc710, Wumc710 Firmware | 2025-04-09 | 7.2 High |
| An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. | ||||
| CVE-2022-43973 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-04-09 | 7.2 High |
| An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. | ||||
| CVE-2024-34205 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | 7.3 High |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | ||||
| CVE-2024-34210 | 1 Totolink | 3 Cp450, Cp450 Firmware, Outdoor Cpe Cp450 | 2025-04-09 | 7.3 High |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. | ||||
| CVE-2022-25890 | 1 Wifey Project | 1 Wifey | 2025-04-09 | 7.4 High |
| All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | ||||
| CVE-2025-27079 | 2025-04-09 | 6 Medium | ||
| A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Successful exploitation could allow an attacker to execute arbitrary operating system commands on the underlying operating system leading to potential system compromise. | ||||
| CVE-2025-27078 | 2025-04-09 | 6.5 Medium | ||
| A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise. | ||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2009-1792 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-04-09 | N/A |
| The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | ||||
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2025-04-09 | N/A |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | ||||
| CVE-2009-1579 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-09 | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | ||||
| CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | ||||
| CVE-2009-0848 | 1 Opensuse | 1 Opensuse | 2025-04-09 | N/A |
| Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." | ||||
| CVE-2008-3074 | 2 Redhat, Vim | 3 Enterprise Linux, Tar.vim, Vim | 2025-04-09 | N/A |
| The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | ||||
| CVE-2009-4025 | 1 Pear | 1 Pear | 2025-04-09 | N/A |
| Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information. | ||||