Search Results (363775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-34036 1 Tvt 60 Td-2004ts-cl, Td-2004ts-cl-c, Td-2004ts-cl-c Firmware and 57 more 2026-04-07 9.8 Critical
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
CVE-2025-34035 1 Engeniustech 14 Epg5000, Epg5000 Firmware, Esr1200 and 11 more 2026-04-07 9.8 Critical
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
CVE-2025-34034 1 5vtechnologies 1 Blue Angel Software Suite 2026-04-07 8.8 High
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVE-2025-34033 1 5vtechnologies 1 Blue Angel Software Suite 2026-04-07 8.8 High
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVE-2025-34032 1 Geoffrowland 1 Jmol 2026-04-07 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
CVE-2025-34031 1 Geoffrowland 1 Jmol 2026-04-07 7.5 High
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
CVE-2025-34029 1 Edimax 3 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware, Ew-7438rpn Mini V2 2026-04-07 8.8 High
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVE-2025-34024 1 Edimax 3 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware, Ew-7438rpn Mini V2 2026-04-07 8.8 High
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
CVE-2025-25038 1 Minidvblinux 1 Minidvblinux 2026-04-07 9.8 Critical
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
CVE-2024-58316 2 Online-shopping-system-advanced Project, Puneethreddyhc 2 Online-shopping-system-advanced, Online Shopping System Advanced 2026-04-07 7.5 High
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
CVE-2024-58313 1 Xbtitfm 1 Xbtitfm 2026-04-07 7.2 High
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands.
CVE-2024-58312 1 Xbtitfm 1 Xbtitfm 2026-04-07 7.5 High
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP requests.
CVE-2024-58309 1 Xbtitfm 1 Xbtitfm 2026-04-07 9.8 Critical
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.
CVE-2024-58308 1 Opensolution 3 Quick.cms, Quick.cms.ext, Quick Cms 2026-04-07 9.8 Critical
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.
CVE-2024-58307 1 Cszcms 2 Csz Cms, Cszcms 2026-04-07 8.8 High
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.
CVE-2024-58294 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2026-04-07 8.8 High
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.
CVE-2024-58289 1 Microweber 1 Microweber 2026-04-07 5.4 Medium
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.
CVE-2024-58284 1 Popojicms 1 Popojicms 2026-04-07 7.2 High
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
CVE-2024-58283 1 Wbce 1 Wbce Cms 2026-04-07 8.8 High
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
CVE-2024-58282 2 S9y, Serendipity 2 Serendipity, Serendipity 2026-04-07 7.2 High
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.