Export limit exceeded: 20939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34148 | 1 Shenzhen Aitemi | 2 M300, M300 Wifi Repeater | 2026-04-15 | N/A |
| An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resulting in full device compromise. | ||||
| CVE-2025-34150 | 1 Shenzhen Aitemi | 2 M300, M300 Wifi Repeater | 2026-04-15 | N/A |
| The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges. | ||||
| CVE-2025-34160 | 1 Aishu | 1 Anyshare Cloud | 2026-04-15 | N/A |
| AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC. | ||||
| CVE-2024-44072 | 1 Buffalo Inc | 18 Wex 1166dhp, Wex 1166dhp2, Wex 1166dhps and 15 more | 2026-04-15 | 5.7 Medium |
| OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed. | ||||
| CVE-2025-52939 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11. | ||||
| CVE-2025-50121 | 2026-04-15 | N/A | ||
| A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default. | ||||
| CVE-2025-48047 | 2026-04-15 | N/A | ||
| An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. | ||||
| CVE-2025-46271 | 2026-04-15 | 9.1 Critical | ||
| UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data. | ||||
| CVE-2025-46272 | 2026-04-15 | 9.1 Critical | ||
| WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system. | ||||
| CVE-2025-43984 | 1 Kuwfi | 1 Gc111 | 2026-04-15 | 9.8 Critical |
| An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges. | ||||
| CVE-2025-43879 | 2026-04-15 | N/A | ||
| WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed. | ||||
| CVE-2025-43876 | 1 Johnsoncontrols | 5 Istar Edge G2, Istar Ultra, Istar Ultra G2 and 2 more | 2026-04-15 | N/A |
| Under certain circumstances a successful exploitation could result in access to the device. | ||||
| CVE-2025-43873 | 1 Johnsoncontrols | 6 Edge G2, Istar Edge G2, Istar Ultra and 3 more | 2026-04-15 | N/A |
| Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. | ||||
| CVE-2025-41663 | 2026-04-15 | 9.8 Critical | ||
| For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations. | ||||
| CVE-2025-27512 | 2026-04-15 | N/A | ||
| Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the `zincati` system user to use the actions `org.projectatomic.rpmostree1.deploy` to deploy updates to the system and `org.projectatomic.rpmostree1.finalize-deployment` to reboot the system into the deployed update. Since Zincati v0.0.24, this polkit rule contains a logic error which broadens access of those polkit actions to any unprivileged user rather than just the `zincati` system user. In practice, this means that any unprivileged user with access to the system D-Bus socket is able to deploy older Fedora CoreOS versions (which may have other known vulnerabilities). Note that rpm-ostree enforces that the selected version must be from the same branch the system is currently on so this cannot directly be used to deploy an attacker-controlled update payload. This primarily impacts users running untrusted workloads with access to the system D-Bus socket. Note that in general, untrusted workloads should not be given this access, whether containerized or not. By default, containers do not have access to the system D-Bus socket. The logic error is fixed in Zincati v0.0.30. A workaround is to manually add a following polkit rule, instructions for which are available in the GitHub Security Advisory. | ||||
| CVE-2025-41427 | 1 Elecom | 3 Wrc-x3000gs, Wrc-x3000gsa, Wrc-x3000gsn | 2026-04-15 | N/A |
| WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed. | ||||
| CVE-2025-41413 | 2026-04-15 | 7.8 High | ||
| Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2025-41238 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2026-04-15 | 9.3 Critical |
| VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | ||||
| CVE-2025-30076 | 1 Koha | 1 Koha | 2026-04-15 | 7.7 High |
| Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. | ||||
| CVE-2025-37129 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 6.7 Medium |
| A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enabled without proper security measures. | ||||