CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

578 matches found

CNNVD•added 2026/05/19 12:0 a.m.•5 views

Eclipse Glassfish 代码注入漏洞

Eclipse Glassfish is an application server developed by the Eclipse Foundation. Eclipse Glassfish has a code injection vulnerability. This vulnerability stems from allowing users with panel access rights to send custom requests, thereby enabling them to execute arbitrary operating system commands...

9.1CVSS6.1AI score0.00302EPSS

Exploits1References1

Positive Technologies•added 2026/05/19 12:0 a.m.•8 views

PT-2026-41932

Name of the Vulnerable Software and Affected Versions GlassFish affected versions not specified Description An authenticated Remote Code Execution RCE issue exists in the Administration Console. A user with access to the panel can send crafted requests to execute arbitrary operating system comman...

9.1CVSS6.1AI score0.00302EPSS

Exploits1References4

NVD•added 2026/05/12 8:16 p.m.•8 views

CVE-2026-44860

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00037EPSS

Exploits0References1

CVE•added 2026/03/20 7:2 p.m.•6 views

CVE-2026-4497

CVE-2026-4497 (Totolink WA300) affects the /cgi-bin/cstecgi.cgi function recvUpgradeNewFw. Manipulation enables os command injection, with remote exploitation and a publicly disclosed exploit. Documents consistently identify the affected device/version (Totolink WA300 5.2cu.7112_B20190227) and th...

9.8CVSS6.8AI score0.00688EPSS

Exploits1References6Affected Software1

ATTACKERKB•added 2026/03/02 8:9 p.m.•6 views

CVE-2026-2256

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

6.5CVSS6.2AI score0.00755EPSS

Exploits2References5

RedhatCVE•added 2026/01/09 11:29 a.m.•8 views

CVE-2021-27691

Command Injection in Tenda G0 routers with firmware versions v15.11.0.69039CN and v15.11.0.55876CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This...

10CVSS8.3AI score0.04398EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:55 a.m.•8 views

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...

9CVSS7AI score0.0204EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:59 a.m.•7 views

CVE-2020-7240

Meinberg Lantime M300 and M1000 devices allow attackers with privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script aka Extended Network Configuration. Note: According to the description, the vulnerability requires a fully authenticated...

9CVSS7.5AI score0.01138EPSS

Exploits1References1