Lucene search
K

392 matches found

CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Algo 8028 Control Panel 操作系统命令注入漏洞

The Algo 8028 Control Panel is a web configuration interface for an access control intercom system from Algo. An operating system command injection vulnerability exists in Algo 8028 Control Panel version 3.3.3, which stems from the presence of command injection in the fm-data.lua endpoint, which...

8.8CVSS6AI score0.021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.3 views

PT-2026-2456

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

7.2CVSS7.9AI score0.01203EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.8 views

CVE-2019-18647

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...

9CVSS7.3AI score0.01869EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.10 views

CVE-2025-23052

Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...

7.2CVSS7.9AI score0.01202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.8 views

PT-2026-1669

Name of the Vulnerable Software and Affected Versions FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Description The FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection issue. An attacker with valid credentials can execute shell commands wit...

8.8CVSS7.6AI score0.13995EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.113 views

CVE-2017-20215 FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Authenticated OS Command Injection

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complet...

8.8CVSS0.13995EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

Cayin Signage Media Player 操作系统命令注入漏洞

Cayin Signage Media Player is a series of electronic signage playback terminals from Cayin, a Taiwan-based company. An operating system command injection vulnerability exists in Cayin Signage Media Player version 3.0, which originates from an authenticated remote command injection vulnerability i...

8.8CVSS7.8AI score0.01277EPSS
Exploits1References7
CVE
CVE
added 2025/12/31 6:39 p.m.14 views

CVE-2021-47745

CVE-2021-47745 affects Cypress Solutions CTM-200 firmware 2.7.1. The authenticated command injection occurs in the firmware upgrade script via the fw_url parameter in ctm-config-upgrade.sh, allowing a remote attacker to inject and execute arbitrary commands with root privileges. CVSS metrics indi...

8.8CVSS7.9AI score0.01189EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/31 12:31 a.m.7 views

EUVD-2022-55933

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8CVSS7.6AI score0.02789EPSS
Exploits2References6
OSV
OSV
added 2025/12/30 11:15 p.m.4 views

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8CVSS6.1AI score
Exploits0References5
NVD
NVD
added 2025/12/30 11:15 p.m.7 views

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8CVSS0.02789EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.24 views

CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8CVSS0.02789EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/12/30 10:41 p.m.5 views

CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8CVSS7.7AI score0.02789EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.6 views

PT-2025-54241

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier Description The software contains an authenticated command injection issue in the www-data-handler.php script. Attackers can inject system commands through the services POST parameter...

8.8CVSS7.8AI score0.02789EPSS
Exploits2References8
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.32 views

CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

8.8CVSS0.02325EPSS
Exploits2References3
CVE
CVE
added 2025/12/24 3:27 p.m.9 views

CVE-2025-43876

CVE-2025-43876 affects Johnson Controls iSTAR family (Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2). It is described as an authenticated web application command injection impacting get8021xSettings, with a root cause leading to unauthorized device access under certain circumstances. Publ...

8.7CVSS6.4AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2025/12/23 10:15 p.m.6 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

9.4CVSS0.02701EPSS
Exploits2References4
NVD
NVD
added 2025/12/23 10:15 p.m.7 views

CVE-2025-66213

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...

9.4CVSS0.02968EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/23 10:4 p.m.3 views

CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS8.7AI score0.0318EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/23 10:4 p.m.28 views

CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS0.0318EPSS
Exploits1References4
Rows per page
Query Builder