14 matches found

EUVD
added 2026/06/12 6:30 a.m. | 11 views

EUVD-2026-36389

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVSS 8.8 | AI score 5.5 | EPSS 0.0045
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-3221

Malware in sbrugna...

CVSS 4.4 | AI score 6.4 | EPSS 0.00513
Exploits: 1 | References: 5

CVE
added 2025/07/17 1:50 p.m. | 28 views

CVE-2025-53927

MaxKB before 2.0.0 has a sandbox bypass where the security design restricts only a specific directory’s execution permissions. An attacker can abuse Python’s shutil.copy2 to copy a command into the executable directory, bypassing the directory restrictions and enabling a reverse shell. Affected p...

CVSS 6.3 | AI score 7.1 | EPSS 0.00226
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/07/17 1:50 p.m. | 3 views

CVE-2025-53927 MaxKB sandbox bypass

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...

CVSS 4.6 | AI score 7.6 | EPSS 0.00226
Exploits: 1 | References: 2

Vulnrichment
added 2025/05/05 12:00 a.m. | 5 views

CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC in AV over IP products v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges...

AI score 7.6 | EPSS 0.00344
Exploits: 1 | References: 2

OSV
added 2023/12/05 6:15 a.m. | 4 views

CVE-2022-47531

An issue was discovered in Ericsson Evolved Packet Gateway EPG versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell...

CVSS 8.8 | AI score 5.9 | EPSS 0.00969
Exploits: 0 | References: 1

The Hacker News
added 2023/01/18 5:56 a.m. | 90 views

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...

CVSS 10 | AI score 1.2 | EPSS 0.95764
Exploits: 5

CNNVD
added 2022/08/08 12:00 a.m. | 5 views

Ericsson Evolved Packet Gateway Security Vulnerability

Ericsson Evolved Packet Gateway is a multifunctional gateway for mobile communications from Ericsson, Sweden. A security vulnerability exists in Ericsson Evolved Packet Gateway that stems from a lack of input validation. The vulnerability can be exploited to bypass the system CLI and execute...

CVSS 8.8 | AI score 8 | EPSS 0.00969
Exploits: 0 | References: 1

OSV
added 2021/10/19 7:15 p.m. | 6 views

CVE-2021-31357

A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...

CVSS 7.8 | AI score 6 | EPSS 0.00631
Exploits: 0 | References: 1

Cvelist
added 2017/01/19 8:00 p.m. | 18 views

CVE-2016-9016

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...

AI score 8.8 | EPSS 0.0035
Exploits: 0 | References: 3

FreeBSD
added 2013/12/24 12:00 a.m. | 17 views

wemux -- read-only can be bypassed

JonApps reports: The read-only mode can be bypassed and any command sent to bash session...

AI score 1.1
Exploits: 0 | References: 1

OSV
added 2012/06/05 10:55 p.m. | 1 view

DEBIAN-CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

CVSS 7.1 | AI score 9 | EPSS 0.06489
Exploits: 0 | References: 1

Tenable Nessus
added 2012/01/10 12:00 a.m. | 37 views

Cisco IOS Command EXEC Unspecified Vulnerability

An unspecified vulnerability in Command EXEC allows local users to bypass command restrictions and obtain sensitive information via an unspecified 'variation of an IOS command'. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17775); script_version("1.5");...

CVSS 2.1 | AI score 5.4 | EPSS 0.00374
Exploits: 0 | References: 1

Prion
added 2011/05/16 6:55 p.m. | 13 views

Command injection

usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command...

CVSS 2.1 | AI score 6.7 | EPSS 0.00364
Exploits: 0 | References: 6 | Affected Software: 1