CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bsSetCmd function...

9.8CVSS5.8AI score0.13302EPSS

In wildExploits1References3

NVD•added 2025/09/02 3:15 p.m.•1 views

CVE-2025-50755

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsyscmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.5CVSS0.03876EPSS

Exploits1References1

Vulnrichment•added 2025/09/02 12:0 a.m.•1 views

CVE-2025-50755

7.8AI score0.03876EPSS

Exploits1References1

NVD•added 2025/08/27 10:15 p.m.•3 views

CVE-2024-13985

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capturehandle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

10CVSS0.0026EPSS

Exploits0References8

Cvelist•added 2025/08/27 10:23 a.m.•4 views

CVE-2025-30056 Calling system commands via RunCommand

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

9.4CVSS0.0006EPSS

Exploits0References1

NVD•added 2025/08/20 4:15 p.m.•4 views

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

9.3CVSS0.48631EPSS

Exploits0References8

Cvelist•added 2025/08/20 3:35 p.m.•8 views

CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

9.3CVSS0.48631EPSS

Exploits0References8

Positive Technologies•added 2025/08/20 12:0 a.m.•4 views

PT-2025-34099 · Undefined · Undefined

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

9.3CVSS7.2AI score0.48631EPSS

Exploits0References9

VulnCheck KEV•added 2025/06/20 12:0 a.m.•0 views

VulnCheck KEV: CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

9.4CVSS6AI score0.05352EPSS

Exploits1References1

CNNVD•added 2025/06/03 12:0 a.m.•1 views

D-Link DI-500WF-WT 注入漏洞

D-Link DI-500WF-WT is a device for wireless network coverage from China AUO D-Link. A command injection vulnerability exists in the D-Link DI-500WF-WT, which stems from the parameter cmd failing to properly filter constructed command special characters, commands, and so on. No detailed...

8.8CVSS7.6AI score0.00753EPSS

Exploits0References5