CVE-2025-45988

The CVE-2025-45988 entry affects Blink routers (BL-WR9000, BL-AC2100 AZ3, BL-X10 AC8, BL-LTE300, BL-F1200 AT1, BL-X26 AC8, BLAC450M AE4, BL-X26 DA3) with multiple command injection vulnerabilities in the bs_SetCmd function via the cmd parameter. Root cause: improper handling of the cmd parameter ...

Vulnerability of components of Linux operating system’s kernel/mlx5, allowing a hacker to cause a service failure

The vulnerability of the net/mlx5 component in the Linux operating system’s kernel is related to incorrect blocking in the cmdworkhandler function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-5492

A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...

CVE-2025-41650

An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service...

CVE-2025-5127

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

Teledyne FLIR AX8 跨站脚本漏洞

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A cross-site scripting vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from a cross-site scripting attack due to the incorrect operation of the parameter cmd in the file...

PT-2025-22842 · Flir · Flir Ax8

Name of the Vulnerable Software and Affected Versions: FLIR AX8 versions up to 1.46.16 Description: A problematic issue has been found in the processing of the file /prod.php, where the manipulation of the cmd argument leads to cross-site scripting. This issue can be exploited remotely...

CVE-2023-41453

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component...

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

CVE-2022-30909

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...

CVE-2020-18280

Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...

PT-2025-27714

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to Bluetooth MGMT. The issue involves rejecting malformed HCI CMD SYNC commands. In the mgmt hci cmd sync function, a che...

TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...

SUSE CVE-2022-49891

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in testgenkprobe/kretprobecmd testgenkprobecmd only free buf in fail path, hence buf will leak when there is no failure. Move kfreebuf from fail path to common path to prevent the memleak. The sam...

CVE-2025-4349

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no long...

PT-2025-18905 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, where the ila xlat nl cmd get mapping function generates an empty message, triggering a sanity check. This issue is resolved ...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

PT-2025-17440 · Yi · Yi Iot Xy-3820

Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: The issue concerns a Remote Command Execution vulnerability via the cmd listen function located in the cmd binary. This allows for unauthorized execution of commands, potentially leading to a full...