Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-32702 | Command Injection vulnerability in Microsoft Visual Studio 2019. Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. [local, low complexity, microsoft, CWE-77] | 7.8 |
| 2025-05-10 | CVE-2025-1137 | IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. [network, high complexity, CWE-77] | 7.5 |
| 2025-05-08 | CVE-2025-45798 | Command Injection vulnerability in Totolink A950Rg Firmware 4.1.2Cu.5204B20210112. A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. [network, low complexity, totolink, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-45487 | Command Injection vulnerability in Linksys E5600 Firmware 1.1.0.26. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. [network, low complexity, linksys, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-45488 | Command Injection vulnerability in Linksys E5600 Firmware 1.1.0.26. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. [network, low complexity, linksys, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-45489 | Command Injection vulnerability in Linksys E5600 Firmware 1.1.0.26. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. [network, low complexity, linksys, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-45490 | Command Injection vulnerability in Linksys E5600 Firmware 1.1.0.26. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. [network, low complexity, linksys, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-45491 | Command Injection vulnerability in Linksys E5600 Firmware 1.1.0.26. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. [network, low complexity, linksys, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-45492 | Command Injection vulnerability in Netgear Ex8000 Firmware 1.0.0.126. Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. [network, low complexity, netgear, CWE-77] | critical 9.8 |
| 2025-05-06 | CVE-2025-4357 | Command Injection vulnerability in Tendacn RX3 Firmware 16.03.13.11Multi. A vulnerability was found in Tenda RX3 16.03.13.11_multi. [network, low complexity, tendacn, CWE-77] | critical 9.8 |