Skip to main content

Command Injection

7746 CVEs technique

Monthly

CVE-2025-4341 MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 880L Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.3%
CVE-2025-4340 MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware Dir 890L Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.4%
CVE-2025-43844 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
1.9%
CVE-2025-43843 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
1.3%
CVE-2025-43842 HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
CVSS 4.0
8.9
EPSS
2.0%
CVE-2024-57235 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57234 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57233 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57232 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57231 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57230 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-57229 CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-45042 CRITICAL POC THREAT Emergency

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.8%
CVE-2025-25504 MEDIUM POC This Month

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gefen Webfwc
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2025-45800 CRITICAL POC Act Now

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2025-44877 CRITICAL POC THREAT Emergency

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.5%
CVE-2025-44872 CRITICAL POC THREAT Emergency

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.5%
CVE-2025-44868 CRITICAL POC Act Now

Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn530H4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.9%
CVE-2025-2605 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse.04 before V12.53 and MB-Secure PRO from V01.06. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Honeywell Mb Secure Firmware Mb Secure Pro Firmware
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2025-46625 HIGH This Week

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tenda Rx2 Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-44867 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44866 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44865 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44864 MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
12.5%
CVE-2025-44863 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44862 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44861 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44860 MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44848 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44847 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
9.9%
CVE-2025-44846 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44845 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44844 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44843 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.8%
CVE-2025-44842 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44841 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44840 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44839 MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.5
EPSS
7.9%
CVE-2025-44838 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44837 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44836 MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44854 MEDIUM POC This Month

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
6.3
EPSS
10.0%
CVE-2025-44835 MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
6.4%
CVE-2024-6032 HIGH This Week

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Model S Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-4135 MEDIUM This Month

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.2%
CVE-2025-4122 MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-4121 MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-45011 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-45010 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-45009 MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE Park Ticketing Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-24351 HIGH This Week

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-4076 MEDIUM POC This Month

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2025-4089 MEDIUM PATCH This Month

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-4032 PyPI LOW POC Monitor

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Aworld
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
2.7%
CVE-2022-41871 MEDIUM This Month

SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Seppmail
NVD
CVSS 3.1
6.0
EPSS
1.0%
CVE-2025-3987 MEDIUM POC This Month

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N150rt Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.9%
CVE-2025-3983 MEDIUM POC This Month

A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Hibos
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.9%
CVE-2025-46272 CRITICAL Act Now

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.3% and no vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
15.3%
CVE-2025-46271 CRITICAL Act Now

UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
5.7%
CVE-2025-43858 NuGet CRITICAL PATCH Act Now

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. Rated critical severity (CVSS 9.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Windows
NVD GitHub
CVSS 3.1
9.2
EPSS
0.2%
CVE-2025-2773 HIGH This Week

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Router Firmware
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2025-28017 MEDIUM POC This Month

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware TOTOLINK
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2025-29743 MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.0%
CVE-2025-43948 HIGH This Week

Codemers KLIMS 1.6.DEV allows Python code injection. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-28039 CRITICAL POC Act Now

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200t Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2025-28038 CRITICAL POC Act Now

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200t Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2025-28036 CRITICAL POC Act Now

TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware A810R Firmware A800R Firmware A830R Firmware +3
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2025-28035 CRITICAL POC Act Now

TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A810R Firmware A800R Firmware +3
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2025-28037 CRITICAL POC Act Now

TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware A950rg Firmware TOTOLINK
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2025-28034 CRITICAL POC Act Now

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware A810R Firmware A830R Firmware A950rg Firmware +3
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2024-40445 HIGH This Week

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Path Traversal Mimetex Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-43920 MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Mailman Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2025-3816 MEDIUM POC This Month

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cicadascms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.9%
CVE-2025-29209 CRITICAL POC Act Now

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-46089 MEDIUM POC This Month

74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE 74Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
2.0%
CVE-2025-2947 HIGH This Week

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-43012 HIGH This Week

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Toolbox
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-29043 CRITICAL POC Act Now

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29042 CRITICAL POC Act Now

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29041 CRITICAL POC Act Now

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-29040 CRITICAL POC Act Now

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2025-3729 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.php of the component Database Backup Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Web Based Pharmacy Product Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
4.9%
CVE-2024-53305 PyPI HIGH POC PATCH This Week

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Whoogle Search
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40070 MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE File Upload Online Id Generator System
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-32778 CRITICAL POC THREAT Emergency

Web-Check is an all-in-one OSINT tool for analyzing any website. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
32.4%
Threat
4.3
CVE-2024-50960 HIGH POC This Week

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection Smp 111 Firmware Smp 351 Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
4.3%
CVE-2024-36842 HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google Android
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-28145 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-28143 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2025-28142 MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 880L Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware +1
NVD GitHub VulDB
EPSS 2% CVSS 8.9
HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
EPSS 1% CVSS 8.9
HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
EPSS 2% CVSS 8.9
HIGH This Week

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Retrieval Based Voice Conversion Webui
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Rax50 Firmware
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gefen Webfwc
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware TOTOLINK
NVD GitHub
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda Ac9 Firmware
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn530H4 Firmware
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse.04 before V12.53 and MB-Secure PRO from V01.06. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Honeywell Mb Secure Firmware +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tenda Rx2 Pro Firmware
NVD
EPSS 12% CVSS 6.3
MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
EPSS 12% CVSS 6.3
MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
EPSS 12% CVSS 6.3
MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
EPSS 12% CVSS 6.3
MEDIUM POC THREAT This Month

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Command Injection Tenda W20e Firmware
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca600 Poe Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
EPSS 10% CVSS 6.3
MEDIUM POC This Month

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware TOTOLINK
NVD GitHub
EPSS 6% CVSS 6.3
MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 A2 Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Model S Firmware
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Jwnr2000V2 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Mozilla
NVD
EPSS 3% CVSS 2.3
LOW POC Monitor

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Aworld
NVD GitHub VulDB
EPSS 1% CVSS 6.0
MEDIUM This Month

SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection RCE Seppmail
NVD
EPSS 9% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N150rt Firmware TOTOLINK
NVD GitHub VulDB
EPSS 4% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Hibos
NVD GitHub VulDB
EPSS 15% CVSS 9.3
CRITICAL Act Now

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.3% and no vendor patch available.

Command Injection
NVD
EPSS 6% CVSS 9.3
CRITICAL Act Now

UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. Rated critical severity (CVSS 9.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Windows
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Router Firmware
NVD
EPSS 5% CVSS 6.5
MEDIUM POC This Month

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware TOTOLINK
NVD
EPSS 9% CVSS 6.5
MEDIUM POC This Month

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Codemers KLIMS 1.6.DEV allows Python code injection. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200t Firmware TOTOLINK
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200t Firmware TOTOLINK
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware A810R Firmware +5
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware +5
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware A950rg Firmware +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware A810R Firmware +5
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Path Traversal +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Mailman Suse
NVD GitHub
EPSS 4% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cicadascms
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub
EPSS 2% CVSS 6.3
MEDIUM POC This Month

74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE 74Cms
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Privilege Escalation
NVD
EPSS 0% CVSS 8.3
HIGH This Week

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Toolbox
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 5% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0.php of the component Database Backup Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Web Based Pharmacy Product Management System
NVD GitHub VulDB
EPSS 1% CVSS 7.3
HIGH POC PATCH This Week

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection RCE Whoogle Search
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +2
NVD GitHub
EPSS 32% 4.3 CVSS 9.3
CRITICAL POC THREAT Emergency

Web-Check is an all-in-one OSINT tool for analyzing any website. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.4% and no vendor patch available.

Command Injection
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC This Week

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection +4
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Google +1
NVD GitHub
EPSS 9% CVSS 6.5
MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
EPSS 9% CVSS 6.5
MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
EPSS 9% CVSS 6.5
MEDIUM POC This Month

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6478ac V3 Firmware
NVD GitHub
Prev Page 28 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy