Total
4933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10230 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-11-08 | 10 Critical |
| A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process. | ||||
| CVE-2020-8515 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-11-07 | 9.8 Critical |
| DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. | ||||
| CVE-2020-25506 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-11-07 | 9.8 Critical |
| D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | ||||
| CVE-2020-7247 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-11-07 | 9.8 Critical |
| smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | ||||
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2025-11-07 | 9.8 Critical |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | ||||
| CVE-2019-19356 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2025-11-07 | 7.5 High |
| Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. | ||||
| CVE-2019-20500 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2025-11-07 | 7.8 High |
| D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | ||||
| CVE-2020-10221 | 1 Rconfig | 1 Rconfig | 2025-11-07 | 8.8 High |
| lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | ||||
| CVE-2018-14558 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2025-11-07 | 9.8 Critical |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | ||||
| CVE-2018-14839 | 1 Lg | 2 N1a1, N1a1 Firmware | 2025-11-07 | 9.8 Critical |
| LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | ||||
| CVE-2021-35394 | 1 Realtek | 1 Rtl819x Jungle Software Development Kit | 2025-11-07 | 9.8 Critical |
| Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers. | ||||
| CVE-2025-11546 | 2 Linux, Nec | 5 Linux, Clusterpro X, Clusterpro X Singleserversafe and 2 more | 2025-11-07 | N/A |
| CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends specially crafted network packets to the product, arbitrary OS commands may be executed without authentication. | ||||
| CVE-2025-30479 | 1 Dell | 1 Cloudlink | 2025-11-07 | 8.4 High |
| Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. | ||||
| CVE-2025-45379 | 1 Dell | 1 Cloudlink | 2025-11-07 | 8.4 High |
| Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. | ||||
| CVE-2025-45378 | 1 Dell | 1 Cloudlink | 2025-11-07 | 9.1 Critical |
| Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. | ||||
| CVE-2025-64106 | 2 Anysphere, Cursor | 2 Cursor, Cursor | 2025-11-07 | 8.8 High |
| Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by the attackers deeplink. | ||||
| CVE-2025-64328 | 1 Freepbx | 3 Endpoint Manager, Filestore, Freepbx | 2025-11-07 | N/A |
| FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3. | ||||
| CVE-2022-50596 | 1 Dlink | 1 Dir-1260 | 2025-11-07 | N/A |
| D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet. | ||||
| CVE-2025-64109 | 1 Cursor | 1 Cursor | 2025-11-07 | 8.8 High |
| Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in a GitHub repository. Once a victim clones the project and opens it using Cursor CLI, the command to run the malicious MCP server is immediately executed without any warning, leading to potential code execution as soon as the command runs. This issue is fixed in version 2025.09.17-25b418f. | ||||
| CVE-2025-12489 | 1 Evernote | 1 Evernote | 2025-11-07 | N/A |
| evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-27913. | ||||