
4598 matches found

CNNVD
added 2025/12/17 12:0 a.m., 1 views

Belden HiSecOS Security Vulnerability

Belden HiSecOS is an operating system for industrial security routers from Belden USA. A security vulnerability exists in Belden HiSecOS version 04.0.01 that stems from mishandling of XML configuration, which could lead to elevation of privilege...

CVSS 8.8, AI score 6.7, EPSS 0.00017
Exploits: 0, References: 4

EUVD
added 2025/12/16 12:30 a.m., 3 views

EUVD-2025-203470

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVSS 5.8, AI score 6.5, EPSS 0.0004
Exploits: 1, References: 5

Positive Technologies
added 2025/12/16 12:0 a.m., 3 views

PT-2025-51351

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 16.0.45; FreePBX versions prior to 17.0.24. Description: FreePBX is a web-based graphical user interface for managing Asterisk. A local privilege escalation exists in the deprecated FreePBX startup script amportal in...

CVSS 8.4, AI score 6.7, EPSS 0.00012
Exploits: 0, References: 6

OSV
added 2025/12/15 11:18 p.m., 2 views

CVE-2025-66482 Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

CVSS 6.9, AI score 6.8, EPSS 0.0009
Exploits: 1, References: 4

NVD
added 2025/12/15 11:15 p.m., 3 views

CVE-2025-14730

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVSS 7.2, EPSS 0.0004
Exploits: 1, References: 4

Vulnrichment
added 2025/12/15 11:2 p.m., 1 views

CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVSS 5.8, AI score 6.7, EPSS 0.0004
Exploits: 1, References: 4

CNNVD
added 2025/12/15 12:0 a.m., 2 views

CTCMS Code Injection Vulnerability

CTCMS Chibi CMS is a video content management system from China Chibi CMS CTCMS company. A code injection vulnerability exists in CTCMS 2.1.2 and earlier versions, which stems from the improper handling of the parameter CjAdd/CjEdit by the unknown function in the file /ctcms/libs/CtConfig.php,...

CVSS 7.2, AI score 5.5, EPSS 0.0004
Exploits: 1, References: 5

CNNVD
added 2025/12/14 12:0 a.m., 1 views

NXLog Agent Security Vulnerability

NXLog Agent is a log management software from NXLog USA. A security vulnerability exists in NXLog Agent versions prior to 6.11, which originates from a file specified by the loadable OPENSSLCONF environment variable...

CVSS 8.1, AI score 6.6, EPSS 0.00014
Exploits: 0, References: 2

Veracode
added 2025/12/13 4:8 a.m., 7 views

Command Injection

sqls-server/sqls is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the EDITOR environment variable and config file path in the openEditor function, which allows an attacker to execute arbitrary commands through crafted input passed to sh -c...

CVSS 7.5, AI score 6.1, EPSS 0.00581
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2025/12/12 1:6 a.m., 5 views

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVSS 8.8, AI score 7.9, EPSS 0.00183
Exploits: 1, References: 1

Positive Technologies
added 2025/12/11 12:0 a.m., 3 views

PT-2025-50691

Name of the Vulnerable Software and Affected Versions: Ruijie RG-S1930 versions S1930SWITCH 3.01B11P230. Description: An OS Command Injection issue exists in Ruijie RG-S1930. Successful exploitation allows attackers to execute arbitrary commands. This is achieved by sending a crafted POST request to...

CVSS 8.8, AI score 7.2, EPSS 0.01079
Exploits: 1, References: 4

Cvelist
added 2025/12/11 12:0 a.m., 18 views

CVE-2025-56120

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

EPSS 0.00675
Exploits: 1, References: 3

CVE
added 2025/12/11 12:0 a.m., 11 views

CVE-2025-56120

The CVE-2025-56120 issue affects the Ruijie X60 PRO family (X60_10212014RG-X60 PRO) with firmware versions V1.00 and V2.00. The root cause is an OS Command Injection via a crafted POST request to the module_set in /usr/local/lua/dev_config/config_retain.lua, enabling arbitrary command execution w...

CVSS 8.8, AI score 7.5, EPSS 0.00675
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2025/12/10 1:35 a.m., 3 views

CVE-2025-14286

A vulnerability was determined in Tenda AC9 15.03.05.14multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...

CVSS 7.5, AI score 5.4, EPSS 0.00055
Exploits: 1, References: 1

Positive Technologies
added 2025/12/10 12:0 a.m., 2 views

PT-2025-50355

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.540 and earlier; Jenkins LTS versions 2.528.2 and earlier. Description: Jenkins stores build authorization tokens unencrypted in config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission, ...

CVSS 4.3, AI score 6.4, EPSS 0.00076
Exploits: 0, References: 4

EUVD
added 2025/12/09 6:30 p.m., 5 views

EUVD-2025-201856

A vulnerability was determined in Tenda AC9 15.03.05.14multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...

CVSS 6.9, AI score 6.3, EPSS 0.00055
Exploits: 1, References: 6

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2024-55309

A vulnerability has been identified in RUGGEDCOM ROX II family All versions V2.17.0. The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system...

CVSS 8.8, AI score 6.8, EPSS 0.00019
Exploits: 0, References: 2

OSV
added 2025/12/09 4:17 p.m., 0 views

CVE-2025-14286

A vulnerability was determined in Tenda AC9 15.03.05.14multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...

CVSS 7.5, AI score 5.6, EPSS 0.00055
Exploits: 1, References: 5

NVD
added 2025/12/09 4:17 p.m., 2 views

CVE-2025-14286

A vulnerability was determined in Tenda AC9 15.03.05.14multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...

CVSS 7.5, EPSS 0.00055
Exploits: 1, References: 5

Cvelist
added 2025/12/09 1:32 a.m., 28 views

CVE-2025-14286 Tenda AC9 Configuration File DownloadCfg.jpg information disclosure

A vulnerability was determined in Tenda AC9 15.03.05.14multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...

CVSS 6.9, EPSS 0.00055
Exploits: 1, References: 5