Lucene search
K

70687 matches found

Nuclei
Nuclei
added 7 hours ago23 views

Enigma NMS < 65.0.0 - Authenticated OS Command Injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...

10CVSS7.7AI score0.25279EPSS
Exploits5References3
Nuclei
Nuclei
added 7 hours ago366 views

elFinder <= 2.1.47 - Command Injection

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. The vulnerability occurs when performing image operations on JPEG files, where the filename is passed to the exiftran utility without proper sanitization, allowing command injection. id: CVE-2019-9194 info: name:...

9.8CVSS8.3AI score0.96633EPSS
Exploits11References5
Nuclei
Nuclei
added 7 hours ago52 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.4AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago34 views

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised...

9.8CVSS7.2AI score0.25115EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago82 views

Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun

Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloudcontrol.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a...

8.8CVSS7.5AI score0.08461EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago6 views

Lodash Template - Server-Side Template Injection (RCE)

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. id: CVE-2021-23337 info: name: Lodash Template - Server-Side Template Injection RCE author: DhiyaneshDk severity: high description: | Lodash versions prior to 4.17.21 are vulnerable to Command Injectio...

7.2CVSS6.8AI score0.2241EPSS
Exploits2References4
Nuclei
Nuclei
added 7 hours ago93 views

GenieACS => 1.2.8 - OS Command Injection

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check. id: CVE-2021-46704 info:...

9.8CVSS7.3AI score0.21901EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago19 views

Acmailer - Improper Access Control to OS Command Injection

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...

10CVSS7.5AI score0.07871EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago37 views

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

9CVSS7.5AI score0.40617EPSS
Exploits8References5
Nuclei
Nuclei
added 7 hours ago28 views

RaspAP <=2.6.5 - Remote Command Injection

RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";". id: CVE-2021-33357 info: name: RaspAP =2.6.5 - Remote Command Injection...

9.8CVSS7.6AI score0.17905EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago15 views

Web-Check < 2.0.1 Screenshot API - OS Command Injection

Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...

9.3CVSS6.1AI score0.19976EPSS
Exploits4References4
Nuclei
Nuclei
added 7 hours ago10 views

sar2html <=3.2.2 Plot Parameter - Remote Code Execution

sar2html version 3.2.2 and prior contains an OS command injection vulnerability in the plot parameter of index.php. A remote, unauthenticated attacker can append shell metacharacters to the plot parameter and execute arbitrary operating system commands. id: CVE-2025-34030 info: name: sar2html...

10CVSS7.5AI score0.59067EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago78 views

MajorDoMo thumb.php - OS Command Injection

MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. id: CVE-2023-50917 info: name: MajorDoMo thumb.php - OS Command Injection author: DhiyaneshDK severity: critical...

9.8CVSS7.4AI score0.38263EPSS
Exploits6References5
Nuclei
Nuclei
added 7 hours ago56 views

TOTOLink - Unauthenticated Command Injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...

9.8CVSS7.6AI score0.25889EPSS
Exploits4References4
Nuclei
Nuclei
added 7 hours ago12 views

Blink Router - Command Injection

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function. id: CVE-2025-45985 info: name: Blin...

9.8CVSS7.3AI score0.07116EPSS
Exploits1References1
Nuclei
Nuclei
added 7 hours ago395 views

LearnPress < 4.2.5.8 - Remote Code Execution

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

9.8CVSS7.6AI score0.08544EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago110 views

DCBI-Netlog-LAB v1.0 - Command Injection

An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. id: CVE-2023-26802 info: name: DCBI-Netlog-LAB v1.0 - Command Injection author: pussycat0x...

9.8CVSS7.5AI score0.4871EPSS
Exploits1References1
Nuclei
Nuclei
added 7 hours ago36 views

Chamilo Command Injection

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. id: CVE-2023-34960 info: name: Chamilo Command Injection author: DhiyaneshDK severity: critical...

9.8CVSS9AI score0.99397EPSS
Exploits9References5
Nuclei
Nuclei
added 7 hours ago9 views

D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection

OS Command injection vulnerability in D-Link DIR820LA1FW105B03 allows attackers to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp. id: CVE-2023-25280 info: name: D-Link DIR820LA1FW105B03 'pingaddr' - OS Command Injection author: pussycat0x severity:...

9.8CVSS6.8AI score0.98053EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago14 views

Zeroshell 3.9.3 - Command Injection

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. id: CVE-2020-29390 info: name: Zeroshell 3.9.3 - Command...

10CVSS7.4AI score0.36672EPSS
Exploits1References3
Rows per page
Query Builder