Total: 2916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2025-11-05 | 9.8 Critical |
| D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | ||||
| CVE-2024-51317 | 1 Netsurf-browser | 1 Netsurf | 2025-11-05 | 6.5 Medium |
| An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function | ||||
| CVE-2025-1610 | 1 Lb-link | 2 Ac1900, Ac1900 Firmware | 2025-11-04 | 6.3 Medium |
| A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1609 | 1 Lb-link | 2 Ac1900, Ac1900 Firmware | 2025-11-04 | 6.3 Medium |
| A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1608 | 1 Lb-link | 2 Ac1900, Ac1900 Firmware | 2025-11-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-32632 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2025-11-04 | 8.8 High |
| A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-24583 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | 8.8 High |
| Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a UDP packet. | ||||
| CVE-2023-24582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | 8.8 High |
| Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a TCP packet. | ||||
| CVE-2023-24520 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | 8.8 High |
| Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the trace tool utility. | ||||
| CVE-2023-24519 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2025-11-04 | 8.8 High |
| Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the ping tool utility. | ||||
| CVE-2024-25228 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | 8.8 High |
| Vinchin Backup and Recovery 7.2 and earlier is vulnerable to authenticated remote code execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. | ||||
| CVE-2024-25082 | 4 Debian, Fedoraproject, Fontforge and 1 more | 4 Debian Linux, Fedora, Fontforge and 1 more | 2025-11-04 | 6.5 Medium |
| Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. | ||||
| CVE-2024-25081 | 4 Debian, Fedoraproject, Fontforge and 1 more | 4 Debian Linux, Fedora, Fontforge and 1 more | 2025-11-04 | 4.2 Medium |
| Splinefont in FontForge through 20230101 allows command injection via crafted filenames. | ||||
| CVE-2024-23247 | 1 Apple | 1 Macos | 2025-11-04 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-22903 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | 8.8 High |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | ||||
| CVE-2024-22900 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | 8.8 High |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | ||||
| CVE-2023-51295 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-11-04 | 6.5 Medium |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2023-49134 | 1 Tp-link | 6 Ac1350 Firmware, Eap115, Eap115 Firmware and 3 more | 2025-11-04 | 8.1 High |
| A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. | ||||
| CVE-2023-49133 | 1 Tp-link | 6 Ac1350 Firmware, Eap115, Eap115 Firmware and 3 more | 2025-11-04 | 8.1 High |
| A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. | ||||
| CVE-2023-40146 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | 6.8 Medium |
| A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. | ||||