Total
2578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4231 | 1 Palo Alto Networks | 1 Pan-os | 2025-06-16 | N/A |
| A command injection vulnerability in Palo Alto Networks PAN-OSĀ® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||
| CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2025-06-16 | 8.4 High |
| DeepSpeed Remote Code Execution Vulnerability | ||||
| CVE-2024-49026 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-06-16 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2024-43601 | 2 Linux, Microsoft | 2 Linux Kernel, Visual Studio Code | 2025-06-16 | 7.8 High |
| Visual Studio Code for Linux Remote Code Execution Vulnerability | ||||
| CVE-2024-43613 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2025-06-16 | 7.2 High |
| Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-49042 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2025-06-16 | 7.2 High |
| Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-27954 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | 6.5 Medium |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. | ||||
| CVE-2025-27953 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | 6.5 Medium |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. | ||||
| CVE-2025-22941 | 1 Adtran | 2 411, 411 Firmware | 2025-06-13 | 9.8 Critical |
| A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | ||||
| CVE-2025-44868 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2025-06-13 | 9.8 Critical |
| Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-22939 | 1 Adtran | 2 411, 411 Firmware | 2025-06-12 | 9.8 Critical |
| A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | ||||
| CVE-2023-47253 | 1 Qualitor | 1 Qalitor | 2025-06-12 | 9.8 Critical |
| Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | ||||
| CVE-2024-55063 | 1 Easyvirt | 1 Dc Netscope | 2025-06-12 | 8.8 High |
| Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant parameter to /international/settings/keyboard; the (4) timezone parameter to /international/settings/timezone. | ||||
| CVE-2025-43714 | 1 Openai | 1 Chatgpt | 2025-06-12 | 6.5 Medium |
| The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers. | ||||
| CVE-2025-5000 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.3 Medium |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4999 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.3 Medium |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4653 | 2025-06-12 | N/A | ||
| Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105. | ||||
| CVE-2025-4678 | 2025-06-12 | N/A | ||
| Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105. | ||||
| CVE-2025-5952 | 2025-06-12 | 7.3 High | ||
| A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.10-7 is able to address this issue. It is recommended to upgrade the affected component. This affects a rather old version of the software. The vendor recommends updating to the latest release. Additional countermeasures have been added in 6.15-8. | ||||
| CVE-2023-45498 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-06-12 | 9.8 Critical |
| VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | ||||