Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

239 matches found

Vulnrichment
Vulnrichmentadded 2025/12/03 12:0 a.m.3 views

CVE-2025-57201

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

8AI score0.07135EPSS
Exploits2References3
Positive Technologies
Positive Technologiesadded 2025/12/03 12:0 a.m.5 views

PT-2025-48818

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection issue in the /Machine.cgi API endpoint. Attackers can execute arbitrary commands by providing a crafted input...

8.8CVSS7.6AI score0.02325EPSS
Exploits1References9
Vulnrichment
Vulnrichmentadded 2025/12/03 12:0 a.m.3 views

CVE-2025-57202

A stored cross-site scripting XSS vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field...

5.2AI score0.0051EPSS
Exploits2References3
Positive Technologies
Positive Technologiesadded 2025/12/03 12:0 a.m.4 views

PT-2025-48938

A stored cross-site scripting XSS vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field...

6.1CVSS5.7AI score0.0051EPSS
Exploits2References4
Cvelist
Cvelistadded 2025/12/03 12:0 a.m.15 views

CVE-2025-57202

A stored cross-site scripting XSS vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field...

0.0051EPSS
Exploits2References3
CVE
CVEadded 2025/12/03 12:0 a.m.10 views

CVE-2025-57201

CVE-2025-57201 affects AVTECH SECURITY DGM1104 FullImg-1015-1004-1006-1003. The issue is an authenticated command-injection vulnerability in the SMB server function that allows an attacker to execute arbitrary commands via a crafted input. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with...

8.8CVSS8AI score0.07135EPSS
Exploits2References3Affected Software1
CNNVD
CNNVDadded 2025/12/03 12:0 a.m.4 views

AVTech DGM1104 安全漏洞

AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which originates from the presence of stored cross-site scripting in the PwdGrp.cgi endpoint, which could lead to the...

6.1CVSS5.9AI score0.0051EPSS
Exploits2References4
GithubExploit
GithubExploitadded 2025/10/13 1:9 p.m.167 views

Exploit for CVE-2025-57199

AvTech PoCs PoCs for...

4.8CVSS7.1AI score0.07135EPSS
Exploits5
The Hacker News
The Hacker Newsadded 2025/10/13 10:12 a.m.6 views

Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including...

8.8CVSS6.9AI score0.99999EPSS
Exploits7
EUVD
EUVDadded 2025/10/09 9:31 p.m.4 views

EUVD-2016-10792

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS7.3AI score0.02488EPSS
Exploits0References7
NVD
NVDadded 2025/10/09 9:15 p.m.3 views

CVE-2016-15047

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS0.02488EPSS
Exploits0References6
Cvelist
Cvelistadded 2025/10/09 9:10 p.m.7 views

CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS0.02488EPSS
Exploits0References6
CVE
CVEadded 2025/10/09 9:10 p.m.16 views

CVE-2016-15047

CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...

8.7CVSS7.4AI score0.02488EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2025/10/09 9:10 p.m.2 views

CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS7.4AI score0.02488EPSS
Exploits0References6
CNNVD
CNNVDadded 2025/10/09 12:0 a.m.3 views

AVTECH IP camera 安全漏洞

AVTECH IP camera is a series of network security cameras from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH IP camera, which stems from an exefile parameter in the CloudSetup.cgi management endpoint that is not properly authenticated or whitelisted, which could...

8.7CVSS7.1AI score0.02488EPSS
Exploits0References9
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2008-3924

Malware in sbrugna...

7.5CVSS6.4AI score0.01695EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2019-4875

Malware in sbrugna...

9CVSS8.5AI score0.02995EPSS
Exploits1References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2025-19644

Malicious code in bioql PyPI...

10CVSS6.6AI score0.01526EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2025-19646

Malicious code in bioql PyPI...

6.9CVSS6.6AI score
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-19645

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.0055EPSS
Exploits0References5
Rows per page
Query Builder