Lucene search
K

256 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23925

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.01351EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-49097

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-9519

Malicious code in bioql PyPI...

9.2CVSS6.6AI score0.00531EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/01 11:7 p.m.11 views

CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP Model Context Protocol deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...

5.3CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/21 9:29 a.m.8 views

CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

7.2CVSS0.00594EPSS
Exploits1References1
Veracode
Veracode
added 2025/07/18 5:54 a.m.7 views

Command Injection

@sunwood-ai-labs/github-kanban-mcp-server is vulnerable to command injection. The vulnerability is due to the use of the unsafe exec API with untrusted user input in the addcomment tool, which allows an attacker to execute arbitrary system commands through crafted input...

9.3CVSS7.5AI score0.01287EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/12 12:28 a.m.11 views

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...

10CVSS9.7AI score0.95343EPSS
Exploits24References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:11 p.m.9 views

CVE-2020-11830

QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0...

10CVSS7.6AI score0.01446EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 1:59 a.m.68 views

CVE-2025-31340

Wisdom Master Pro, versions 5.0–5.2, is affected by CVE-2025-31340 due to improper control of included/required filenames in the retrieve course Information PHP function. This allows remote execution of arbitrary system commands via a malicious file. Root cause: insecure include/require filename ...

9.9CVSS7.4AI score0.00428EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/03/03 12:0 a.m.629 views

D-Tale Remote Code Execution

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

9.8CVSS8.3AI score0.77951EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2024/12/19 4:1 a.m.12 views

CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...

9.4CVSS7AI score0.00726EPSS
Exploits0References1
NVD
NVD
added 2024/12/06 1:15 p.m.19 views

CVE-2024-10771

Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts...

8.8CVSS0.01074EPSS
Exploits0References6
CVE
CVE
added 2024/11/29 6:57 a.m.59 views

CVE-2024-11983

CVE-2024-11983 affects several Billion Electric routers (e.g., M100, M150, M120N, M500). All sources describe an OS Command Injection vulnerability in a specific SSH function that allows remote administrators to inject and execute arbitrary system commands on the device. The issue is attributed t...

7.2CVSS7.5AI score0.01093EPSS
Exploits0References2
NVD
NVD
added 2024/11/15 2:15 a.m.18 views

CVE-2024-11120

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

9.8CVSS0.28554EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/11/15 2:0 a.m.50 views

CVE-2024-11120 GeoVision EOL devices - OS Command Injection

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

9.8CVSS0.28554EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/15 2:0 a.m.28 views

CVE-2024-11120 GeoVision EOL devices - OS Command Injection

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

9.8CVSS8.2AI score0.28554EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

GeoVision EOL 操作系统命令注入漏洞

GeoVision EOL is a series of surveillance devices from the Chinese company GeoVision. GeoVision EOL suffers from an operating system command injection vulnerability that originates from an unauthenticated, remote attacker being able to inject and execute arbitrary system commands on the device...

9.8CVSS9.8AI score0.28554EPSS
Exploits1References2
NVD
NVD
added 2024/11/11 8:15 a.m.19 views

CVE-2024-11066

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page...

7.2CVSS0.01799EPSS
Exploits0References3
NVD
NVD
added 2024/11/11 8:15 a.m.15 views

CVE-2024-11065

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

7.2CVSS0.01325EPSS
Exploits0References2
NVD
NVD
added 2024/11/11 8:15 a.m.16 views

CVE-2024-11064

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

7.2CVSS0.01325EPSS
Exploits0References2
Rows per page
Query Builder