Total
3377 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2025-04-01 | 7.4 High |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | ||||
| CVE-2024-22546 | 1 Trendnet | 2 Tew-815dap, Tew-815dap Firmware | 2025-04-01 | 6.4 Medium |
| TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. | ||||
| CVE-2023-51835 | 1 Trendnet | 2 Tew-822dre, Tew-822dre Firmware | 2025-04-01 | 6.8 Medium |
| An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. | ||||
| CVE-2024-42636 | 1 Dedecms | 1 Dedecms | 2025-03-31 | 7.2 High |
| DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. | ||||
| CVE-2023-22884 | 1 Apache | 2 Airflow, Apache-airflow-providers-mysql | 2025-03-31 | 9.8 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | ||||
| CVE-2025-25766 | 1 Mrcms | 1 Mrcms | 2025-03-28 | 4.8 Medium |
| An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | ||||
| CVE-2024-12251 | 1 Telerik | 1 Ui For Winui | 2025-03-28 | 7.8 High |
| In ProgressĀ® TelerikĀ® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | ||||
| CVE-2024-44916 | 1 Seacms | 1 Seacms | 2025-03-28 | 7.2 High |
| Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. | ||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | 4.4 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | ||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | ||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | ||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | ||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | ||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | ||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | ||||
| CVE-2024-55461 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). | ||||
| CVE-2023-24612 | 1 Pdfbook Project | 1 Pdfbook | 2025-03-28 | 9.8 Critical |
| The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | ||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2025-03-27 | 7.4 High |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | ||||
| CVE-2022-48624 | 2 Greenwoodsoftware, Redhat | 4 Less, Enterprise Linux, Logging and 1 more | 2025-03-27 | 7.8 High |
| close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | ||||
| CVE-2024-26296 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | 7.2 High |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||