Lucene search
K

457930 matches found

CVE
CVE
added 2026/06/16 8:18 a.m.13 views

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

8.8CVSS5.4AI score0.00771EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 8:18 a.m.9 views

EUVD-2026-37042

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS5.5AI score0.00771EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 a.m.11 views

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 7:57 a.m.3 views

SUSE-SU-2026:2408-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370...

9.1CVSS5.2AI score0.01231EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 7:53 a.m.5 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1CVSS6.5AI score0.00308EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.718 views

Hikvision IP camera/NVR - Remote Command Execution

Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...

9.8CVSS8.5AI score0.99869EPSS
Exploits23References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.60 views

Apache Log4j2 Remote Code Injection

Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...

10CVSS8AI score0.99999EPSS
Exploits347References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.41 views

ManageEngine ADManager Plus - Command Injection

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. id: CVE-2023-29084 info: name: ManageEngine ADManager Plus - Command Injection author: rootxharsh,iamnoooob,pdresearch severity: high description: | Zoho ManageEngine...

7.2CVSS7.3AI score0.98388EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.58 views

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

7.8CVSS7.5AI score0.9024EPSS
Exploits4References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.139 views

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

9CVSS8.2AI score0.99977EPSS
Exploits39References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.179 views

Cacti <=1.2.22 - Remote Command Injection

Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS...

9.8CVSS9.2AI score0.99826EPSS
Exploits48References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.67 views

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

8.8CVSS9.1AI score0.9767EPSS
Exploits6References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.98 views

Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

9.6CVSS9.4AI score0.99951EPSS
Exploits5References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.284 views

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...

9.8CVSS8.9AI score0.86205EPSS
Exploits7References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.184 views

Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

7.5CVSS7.2AI score0.99974EPSS
Exploits20References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.37 views

Joomla! <3.7.1 - SQL Injection

Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-8917 info: name: Joomla! 3.7.1 - SQL Injection...

9.8CVSS8.9AI score0.99826EPSS
Exploits21References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.154 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS9.1AI score0.99485EPSS
Exploits20References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.65 views

D-Link NAS - Command Injection via Name Parameter

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument name leads to os command...

9.8CVSS7.6AI score0.97432EPSS
Exploits11References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.48 views

DrayTek Vigor - Command Injection

DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...

9.8CVSS8AI score0.98125EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.50 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS9.1AI score0.87575EPSS
Exploits2References5
Rows per page
Query Builder