Total
313 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24061 | 1 Gnu | 1 Inetutils | 2026-01-23 | 9.8 Critical |
| telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. | ||||
| CVE-2026-0774 | 2026-01-23 | N/A | ||
| WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708. | ||||
| CVE-2025-3460 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-21 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2025-3459 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-21 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2025-32459 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-21 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2025-32458 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-21 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2026-23766 | 1 Istio | 1 Istio | 2026-01-16 | 4.1 Medium |
| Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators can already exclude sidecar injection entirely)." | ||||
| CVE-2025-43730 | 1 Dell | 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more | 2026-01-15 | 8.4 High |
| Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure. | ||||
| CVE-2025-32457 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-13 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2025-32456 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-13 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2025-32455 | 1 Onsemi | 36 Qcs-ax2-a12, Qcs-ax2-a12 Firmware, Qcs-ax2-s5 and 33 more | 2026-01-13 | 7.7 High |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. | ||||
| CVE-2025-35010 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-35009 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-35008 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-35007 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-35006 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-35005 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-35004 | 1 Microhardcorp | 4 Bulletlte-na2, Bulletlte-na2 Firmware, Ipn4gii-na2 and 1 more | 2026-01-12 | 7.1 High |
| Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing. | ||||
| CVE-2025-66002 | 2 Kde, Smb4k | 2 Kde, Smb4k | 2026-01-12 | N/A |
| An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper | ||||
| CVE-2025-67858 | 2026-01-08 | 7.8 High | ||
| A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31. | ||||