Lucene search
K

1283 matches found

NVD
NVD
added 2026/02/04 7:15 a.m.9 views

CVE-2026-20980

Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...

7CVSS0.00227EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 6:14 a.m.5 views

CVE-2026-20981

Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege...

5.4CVSS5.7AI score0.00193EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-6403

Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...

9.9CVSS6AI score0.00568EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.7 views

Hikvision Wireless Access Points security vulnerabilities

Hikvision Wireless Access Points are wireless access point devices produced by the Chinese company Hikvision. There are security vulnerabilities in Hikvision Wireless Access Points, and these vulnerabilities stem from insufficient input validation, which may allow authenticated attackers to execu...

7.2CVSS6.2AI score0.00821EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.6 views

PT-2026-5284

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.8 views

PT-2026-4924

Name of the Vulnerable Software and Affected Versions Victor CMS version 1.0 Description Victor CMS version 1.0 has a file upload issue. Authenticated users can upload malicious PHP files through the profile image upload feature. An attacker can upload a PHP shell to the /img directory and execut...

8.8CVSS5.6AI score0.00611EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 7 : nautilus-3.22.3-4.el7 (AXSA:2018-2543:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2543:01 advisory. An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the...

6.5CVSS6.3AI score0.02471EPSS
Exploits1References2
OSV
OSV
added 2026/01/13 11:15 p.m.6 views

CVE-2020-36911

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.3CVSS6.7AI score
Exploits0References7
CVE
CVE
added 2026/01/13 10:51 p.m.23 views

CVE-2022-50911

Bitrix24 is affected by CVE-2022-50911 per connected sources, described as an authenticated remote code execution vulnerability. An attacker with valid credentials could abuse the PHP command-line administration interface by sending crafted POST requests to an admin endpoint to execute arbitrary ...

8.4AI score0.00162EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/13 8:7 p.m.4 views

CVE-2025-37176 Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privilege...

6.5CVSS7.4AI score0.01245EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 8:7 p.m.11 views

CVE-2025-37176

CVE-2025-37176 is an authenticated command-injection vulnerability in Aruba AOS-8. An authenticated privileged user can alter a package header to inject shell commands, potentially causing arbitrary command execution with the privileges of the impacted mechanism. The issue is documented across mu...

7.2CVSS7.4AI score0.01245EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.5 views

PT-2026-2459

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...

7.2CVSS7.5AI score0.0043EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.10 views

PT-2026-2336

Name of the Vulnerable Software and Affected Versions SAP Wily Introscope Enterprise Manager WorkStation affected versions not specified Description An unauthenticated attacker can create a malicious Java Network Launch Protocol JNLP file accessible via a public URL. When a victim clicks this URL...

9.6CVSS6.8AI score0.00351EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/09 12:43 p.m.7 views

CVE-2005-1639

SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the 1 username, 2 password, or 3 domain fields...

7.5CVSS8.8AI score0.01316EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.6 views

CVE-2021-33736

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

7.2CVSS7.2AI score0.01144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.8 views

CVE-2021-33729

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database...

8.8CVSS7.3AI score0.02305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.7 views

CVE-2022-23770

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...

9.8CVSS7.4AI score0.01399EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.8 views

PT-2026-1849

Name of the Vulnerable Software and Affected Versions D-Link Router DIR-605L version V6.02CN02 Hardware version F1 Description An issue exists in D-Link Router DIR-605L that allows an attacker with physical access to the UART pins to execute arbitrary commands. This is due to the presence of root...

6.8CVSS6.8AI score0.00373EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.8 views

CVE-1999-0207

Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command...

7.5CVSS7.5AI score0.08717EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.7 views

CVE-1999-0868

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN...

7.2CVSS7.7AI score0.01504EPSS
Exploits0References1
Rows per page
Query Builder