Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6332 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2562 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | 5.4 Medium |
| Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | ||||
| CVE-2025-5447 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-07-02 | 6.3 Medium |
| A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32967 | 1 Open-emr | 1 Openemr | 2025-07-02 | 5.4 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue. | ||||
| CVE-2025-6897 | 1 Dlink | 2 Di-7300g\+, Di-7300g\+ Firmware | 2025-07-01 | 5.5 Medium |
| A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-34338 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-06-30 | 7.2 High |
| Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability. | ||||
| CVE-2024-48286 | 1 Linksys | 2 E3000, E3000 Firmware | 2025-06-30 | 8 High |
| Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. | ||||
| CVE-2024-28871 | 1 Oisf | 1 Libhtp | 2025-06-30 | 7.5 High |
| LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2025-6618 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6619 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6620 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6621 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-06-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1369 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 4.5 Medium |
| A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1370 | 1 Escanav | 1 Escan Anti-virus | 2025-06-27 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5441 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-25 | 6.3 Medium |
| A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5442 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5446 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-25 | 6.3 Medium |
| A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4416 | 1 Events Log Track Project | 1 Events Log Track | 2025-06-25 | 7.5 High |
| Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2. | ||||
| CVE-2025-5139 | 1 Qualitor | 1 Qualitor | 2025-06-24 | 5.6 Medium |
| A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of the argument nmconexao leads to command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.20.56 and 8.24.31 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-45505 | 1 Apache | 1 Hertzbeat | 2025-06-24 | 8.8 High |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. | ||||
| CVE-2025-27157 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | 5.3 Medium |
| Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on `/auth/setup`. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 and 4.3.4 fix the issue. | ||||