Total
2556 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49823 | 2025-06-17 | 0 Low | ||
| (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3. | ||||
| CVE-2025-5515 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5504 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-17 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5695 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-17 | 4.7 Medium |
| A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-47560 | 1 Qnap | 1 Qumagie | 2025-06-17 | 7.4 High |
| An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | ||||
| CVE-2024-23049 | 1 B3log | 1 Symphony | 2025-06-17 | 9.8 Critical |
| An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | ||||
| CVE-2025-32702 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-06-17 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2024-29269 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-06-17 | 8.8 High |
| An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | ||||
| CVE-2023-52027 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-17 | 9.8 Critical |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | ||||
| CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-06-17 | 8.8 High |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | ||||
| CVE-2024-0920 | 1 Trendnet | 2 Tew-822dre, Tew-822dre Firmware | 2025-06-17 | 7.2 High |
| A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-29366 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | 8.8 High |
| A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. | ||||
| CVE-2025-25504 | 1 Niceforyou | 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc | 2025-06-17 | 6.5 Medium |
| An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges. | ||||
| CVE-2024-29385 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-06-17 | 9.0 Critical |
| DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. | ||||
| CVE-2024-29864 | 1 89luca89 | 1 Distrobox | 2025-06-17 | 9.8 Critical |
| Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. | ||||
| CVE-2023-51295 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-06-16 | 6.5 Medium |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2025-6102 | 2025-06-16 | 8.8 High | ||
| A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6103 | 2025-06-16 | 8.8 High | ||
| A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-45025 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-06-16 | 9 Critical |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2025-5126 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-16 | 8.8 High |
| A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||