Search Results (20709 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10118 | 1 Secom | 1 Wrtr-304gn-304tw-upsc Firmware | 2026-04-15 | 9.8 Critical |
| SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | ||||
| CVE-2024-21532 | 1 Bahmutov | 1 Ggit | 2026-04-15 | 7.3 High |
| All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. | ||||
| CVE-2024-11983 | 1 Billion Electric | 4 M100, M120n, M150 and 1 more | 2026-04-15 | 7.2 High |
| Certain models of routers from Billion Electric have an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device. | ||||
| CVE-2025-7771 | 1 Techpowerup | 1 Throttlestop | 2026-04-15 | N/A |
| ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions. | ||||
| CVE-2024-53688 | | | 2026-04-15 | 7.2 High |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request. | ||||
| CVE-2025-10239 | 1 Progress | 1 Flowmon | 2026-04-15 | 7.2 High |
| In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes. | ||||
| CVE-2025-34147 | 1 Shenzhen Aitemi | 1 M300 Wifi Repeater | 2026-04-15 | N/A |
| An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise. | ||||
| CVE-2024-20356 | | | 2026-04-15 | 8.7 High |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | ||||
| CVE-2025-2071 | | | 2026-04-15 | N/A |
| A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi". | ||||
| CVE-2025-52379 | | | 2026-04-15 | 5.4 Medium |
| Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated attackers to execute arbitrary OS commands on the device, resulting in remote code execution. | ||||
| CVE-2024-2415 | | | 2026-04-15 | 7.8 High |
| Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an authenticated user to execute commands inside the router by making a POST request to the URL '/cgi-bin/gui.cgi'. | ||||
| CVE-2025-57799 | | | 2026-04-15 | N/A |
| StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822. | ||||
| CVE-2025-54084 | 1 Calix | 1 Gigacenter Ont | 2026-04-15 | N/A |
| OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. | ||||
| CVE-2024-29222 | | | 2026-04-15 | 6.1 Medium |
| Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-48499 | 1 Fujifilm | 8 Apeos 2150, Apeos 2350, Docuprint M115 W and 5 more | 2026-04-15 | 5.3 Medium |
| Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition. | ||||
| CVE-2023-5912 | 1 Lenovo | 1 Notebook | 2026-04-15 | 6.7 Medium |
| A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. | ||||
| CVE-2025-46271 | | | 2026-04-15 | 9.1 Critical |
| UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data. | ||||
| CVE-2024-0401 | 1 Asus | 17 4g-ac68u, Expertwifi, Rt-ac1900 and 14 more | 2026-04-15 | 7.2 High |
| ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000. | ||||
| CVE-2025-2367 | | | 2026-04-15 | 6.3 Medium |
| A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-68922 | 1 Openops | 1 Openops | 2026-04-15 | 7.4 High |
| OpenOps before 0.6.11 allows remote code execution in the Terraform block. | ||||