Critical
CVE-2025-34152
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is p…
Tag: Command Injection
All CVEs associated with "Command Injection". Page 13/48 • 5730 CVEs.
Subscribe CVEs: RSS for “Command Injection” · RSS (High+Critical only)
About “Command Injection”
A curated feed of “Command Injection”-related CVEs appears below. We currently track 5730 CVEs for this tag (all time). In the last 365 days, 1683 were published. Average CVSS is 8.2 (all time; 7.8 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-08-07
Critical
CVE-2025-34151
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-…
Critical
CVE-2025-34150
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during netw…
Critical
CVE-2025-34149
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, ena…
Critical
CVE-2025-34148
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed…
Medium
CVE-2025-47188
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, coul…
2025-08-06
High
CVE-2025-7769
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handlin…
Medium
CVE-2025-8667
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of th…
Medium
CVE-2025-8665
A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of th…
High
CVE-2025-22469
OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a…
Medium
CVE-2025-8655
Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenw…
High
CVE-2025-8654
Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwoo…
Medium
CVE-2025-8652
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Ken…
Medium
CVE-2025-8651
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Ken…
Medium
CVE-2025-8650
Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenw…
Medium
CVE-2025-8649
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Ken…
Medium
CVE-2025-8648
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8647
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8646
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8645
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8644
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8643
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8642
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8641
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8640
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8639
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication…
Medium
CVE-2025-8638
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8637
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8636
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8635
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8634
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8633
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8632
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8631
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8630
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8629
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
Medium
CVE-2025-8628
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR device…
2025-08-05
Critical
CVE-2013-10069
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improp…
High
CVE-2012-10029
Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized pa…
Medium
CVE-2025-50688
A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a sp…
High
CVE-2025-43978
Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubu…
2025-08-04
Critical
CVE-2025-27212
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Acc…
High
CVE-2025-27211
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Critical
CVE-2025-51390
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
Critical
CVE-2025-34147
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the…
Critical
CVE-2025-44961
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
High
CVE-2025-44960
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
High
CVE-2025-30099
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release ver…
Medium
CVE-2025-30098
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release ver…
Medium
CVE-2025-30097
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release ver…
Medium
CVE-2025-30096
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release ver…
High
CVE-2025-36607
Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the res…
High
CVE-2025-36606
Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping…
High
CVE-2025-36604
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote a…
2025-08-01
High
CVE-2013-10061
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi en…
High
CVE-2013-10060
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with va…
High
CVE-2013-10059
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to san…
High
CVE-2013-10058
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails…
High
CVE-2013-10050
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface…
Critical
CVE-2013-10049
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the we…
Critical
CVE-2013-10048
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the u…
High
CVE-2025-8480
Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authenticat…
Medium
CVE-2025-8473
Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devic…
2025-07-31
Critical
CVE-2025-50475
An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostnam…
High
CVE-2013-10039
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the…
Critical
CVE-2013-10037
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell comman…
2025-07-29
Medium
CVE-2025-52284
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to…
2025-07-28
Critical
CVE-2025-54418
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagic…
Critical
CVE-2025-53695
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
High
CVE-2025-8259
A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface.…
2025-07-27
Low
CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
2025-07-25
Critical
CVE-2025-29631
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize…
Critical
CVE-2014-125118
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php…
Critical
CVE-2019-25224
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arb…
2025-07-24
Critical
CVE-2025-7404
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web:…
Critical
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Cod…
2025-07-23
High
CVE-2025-54377
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in its command input, allowing potential bypa…
Critical
CVE-2015-10141
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug…
High
CVE-2024-53286
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remo…
2025-07-22
Medium
CVE-2025-43020
A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. H…
High
CVE-2025-7724
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2:…
High
CVE-2025-7723
A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518;…
High
CVE-2025-53472
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be…
Medium
CVE-2025-7952
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The m…
2025-07-21
High
CVE-2025-53832
Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp…
Critical
CVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. T…
Medium
CVE-2025-7932
A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It i…
High
CVE-2025-7382
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxil…
2025-07-20
High
CVE-2025-7883
A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Po…
2025-07-19
Medium
CVE-2025-7836
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component E…
2025-07-18
High
CVE-2025-54073
mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol (LSP) c…
Medium
CVE-2025-7788
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\execut…
2025-07-17
Critical
CVE-2025-52046
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated at…
2025-07-16
Critical
CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service a…
High
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows…
High
CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in t…
Critical
CVE-2025-34125
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted c…
2025-07-15
Critical
CVE-2025-49836
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user i…
Critical
CVE-2025-49835
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asr_inp_dir (and a number…
Critical
CVE-2025-49834
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_denoise function. denoise_inp_dir and de…
Critical
CVE-2025-49833
GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_slice function. slice_opt_root and s…
Medium
CVE-2025-52379
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web…
Medium
CVE-2025-52377
Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is…
High
CVE-2025-34115
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can…
High
CVE-2025-34113
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar mod…
Critical
CVE-2025-34112
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/commo…
Critical
CVE-2025-34103
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The…
Critical
CVE-2025-3621
Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Ele…
2025-07-14
High
CVE-2025-53818
GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in…
Medium
CVE-2025-7615
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Re…
Medium
CVE-2025-7614
A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The m…
Medium
CVE-2025-7613
A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST R…
Critical
CVE-2025-50756
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary command…
Medium
CVE-2025-7578
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The…
Critical
CVE-2025-7451
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerabilit…
Medium
CVE-2025-7553
A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server l…
2025-07-13
Medium
CVE-2025-7525
A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the comp…
Medium
CVE-2025-7524
A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP PO…
2025-07-11
High
CVE-2013-3307
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port…
Medium
CVE-2025-52988
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, loca…