Total
2558 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4008 | 2025-05-23 | N/A | ||
| The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. | ||||
| CVE-2022-40100 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | ||||
| CVE-2023-6572 | 1 Gradio Project | 1 Gradio | 2025-05-22 | 8.1 High |
| Command Injection in GitHub repository gradio-app/gradio prior to main. | ||||
| CVE-2025-44854 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44847 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44846 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44845 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44844 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44843 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44842 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44841 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44840 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44839 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44838 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44837 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44836 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-20258 | 2025-05-22 | 5.4 Medium | ||
| A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users. | ||||
| CVE-2024-52022 | 1 Netgear | 9 R6400 Firmware, R6400v2, R6400v2 Firmware and 6 more | 2025-05-21 | 8 High |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2025-44848 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-21 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44860 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-05-21 | 6.5 Medium |
| TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||