Total
2816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1608 | 1 Lb-link | 2 Ac1900, Ac1900 Firmware | 2025-11-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-32632 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-24583 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet. | |||||
| CVE-2023-24582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet. | |||||
| CVE-2023-24520 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility. | |||||
| CVE-2023-24519 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | N/A | 8.8 HIGH |
| Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility. | |||||
| CVE-2024-25228 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | N/A | 8.8 HIGH |
| Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. | |||||
| CVE-2024-25082 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-11-04 | N/A | 6.5 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. | |||||
| CVE-2024-25081 | 3 Debian, Fedoraproject, Fontforge | 3 Debian Linux, Fedora, Fontforge | 2025-11-04 | N/A | 4.2 MEDIUM |
| Splinefont in FontForge through 20230101 allows command injection via crafted filenames. | |||||
| CVE-2024-23247 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2024-22903 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | N/A | 8.8 HIGH |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | |||||
| CVE-2024-22900 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | N/A | 8.8 HIGH |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | |||||
| CVE-2023-51295 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-11-04 | N/A | 6.5 MEDIUM |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||
| CVE-2023-49134 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 8.1 HIGH |
| A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. | |||||
| CVE-2023-49133 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 8.1 HIGH |
| A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. | |||||
| CVE-2023-40146 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | N/A | 6.8 MEDIUM |
| A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. | |||||
| CVE-2012-1823 | 8 Apple, Debian, Fedoraproject and 5 more | 17 Mac Os X, Debian Linux, Fedora and 14 more | 2025-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | |||||
| CVE-2024-7397 | 2025-11-04 | N/A | N/A | ||
| Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2. | |||||
| CVE-2025-22476 | 1 Dell | 1 Storage Manager | 2025-11-04 | N/A | 5.5 MEDIUM |
| Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution. | |||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2025-11-04 | N/A | 10.0 CRITICAL |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||