Total
2669 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32702 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-07-15 | 7.8 High |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-22473 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-22472 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges. | ||||
| CVE-2024-48017 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 6.5 Medium |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2024-48015 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 6.7 Medium |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2024-48830 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | 7.8 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2025-6899 | 2 D-link, Dlink | 6 Di-7300g+, Di-8200g, Di-7300g\+ and 3 more | 2025-07-14 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6898 | 2 D-link, Dlink | 3 Di-7300g+, Di-7300g\+, Di-7300g\+ Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6896 | 2 D-link, Dlink | 3 Di-7300g+, Di-7300g\+, Di-7300g\+ Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7192 | 2 D-link, Dlink | 3 Dir-645, Dir-645, Dir-645 Firmware | 2025-07-14 | 6.3 Medium |
| A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-45931 | 2 D-link, Dlink | 3 Dir-816 A2, Dir-816, Dir-816 Firmware | 2025-07-13 | 9.8 Critical |
| An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | ||||
| CVE-2025-1229 | 1 Olajowon | 1 Loggrove | 2025-07-13 | 6.3 Medium |
| A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected by this vulnerability is an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the argument path leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2024-24551 | 1 Bludit | 1 Bludit | 2025-07-13 | N/A |
| A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | ||||
| CVE-2024-9070 | 1 Bentoml | 1 Bentoml | 2025-07-13 | N/A |
| A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is greater than 1, leading to automatic deserialization and arbitrary code execution. | ||||
| CVE-2025-0868 | 1 Arc53 | 1 Docsgpt | 2025-07-13 | N/A |
| A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0. | ||||
| CVE-2025-26627 | 1 Microsoft | 1 Azure Arc | 2025-07-13 | 7 High |
| Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-12971 | 1 Pandora Fms | 1 Pandora Fms | 2025-07-13 | N/A |
| Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6 | ||||
| CVE-2024-39914 | 1 Fogproject | 1 Fogproject | 2025-07-12 | 9.8 Critical |
| FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. | ||||
| CVE-2024-6269 | 1 Ruijie | 1 Rg-uac | 2025-07-12 | 4.7 Medium |
| A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269482 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12992 | 1 Pandora Fms | 1 Pandora Fms | 2025-07-12 | N/A |
| Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 . | ||||