VulnCheck KEV: CVE-2025-32813

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...

SUSE CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

CVE-2025-7952

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-7932

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbcsystem of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

CVE-2025-41675

CVE-2025-41675 concerns MB CONNECT LINE mbNET.mini and Helmholz/mbNET.mini gateways where an OS command injection arises from improper neutralization of special elements in OS commands. The vulnerability allows a high-privilege remote attacker to trigger arbitrary system commands via GET requests...

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

CVE-2025-41674

The CVE-2025-41674 entry matches an OS command injection in MB CONNECT LINE mbNET.mini (industrial router) and Helmholz REX100/mbNET.mini family where improper neutralization of special elements in OS commands enables remote execution of commands via POST to a diagnostic action. Connected sources...

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVE-2025-41673

CVE-2025-41673 affects MB CONNECT LINE mbNET.mini (industrial router). The vulnerability is an OS command-injection in the send_sms operation caused by improper neutralization of special elements, enabling remote execution of system commands via POST requests. Vulnerable versions are prior to 2.3...

VulnCheck KEV: CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

CVE-2025-7836

A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbcsystem of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launche...

CVE-2025-7788

CVE-2025-7788 affects Xuxueli xxl-job up to 3.1.1. The vulnerable component is the commandJobHandler function in SampleXxlJob.java, enabling OS command injection with remote access. Exploit-public disclosures exist. Remediation: upgrade to a version beyond 3.1.1 and, as a workaround, restrict acc...

PT-2025-30007 · Ubiquiti · Unifi Access +1

Name of the Vulnerable Software and Affected Versions: UniFi Access Reader Pro versions 2.14.21 and earlier UniFi Access G2 Reader Pro versions 1.10.32 and earlier UniFi Access G3 Reader Pro versions 1.10.30 and earlier UniFi Access Intercom versions 1.7.28 and earlier UniFi Access G3 Intercom...

CVE-2025-7553

A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-7615

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

CVE-2025-7613

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...