Lucene search
K

458021 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.71 views

Sophos Web Appliance - Remote Code Execution

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. id: CVE-2023-1671 info: name: Sophos Web Appliance - Remote Code Execution author: Co5mos severity: critical description: | A pre-auth...

9.8CVSS9AI score0.99999EPSS
Exploits10References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.170 views

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

9.8CVSS9.2AI score0.99105EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.856 views

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

9.8CVSS7.7AI score0.99987EPSS
Exploits64References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.158 views

rConfig 3.9 - SQL Injection

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. id: CVE-2020-10220 info: name: rConfig 3.9 - SQL Injection author: ritikchaddha,theamanrawat severity: critical description: | An issue was discovered i...

9.8CVSS8.5AI score0.99683EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.72 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS8.4AI score0.98253EPSS
Exploits54References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.38 views

Joomla! <3.7.1 - SQL Injection

Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-8917 info: name: Joomla! 3.7.1 - SQL Injection...

9.8CVSS8.9AI score0.99826EPSS
Exploits21References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.60 views

Apache Log4j2 Remote Code Injection

Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...

10CVSS8AI score0.99999EPSS
Exploits347References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.58 views

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

7.8CVSS7.5AI score0.9024EPSS
Exploits4References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.214 views

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

9.8CVSS8.5AI score0.99999EPSS
Exploits45References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.45 views

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

10CVSS8.5AI score0.99999EPSS
Exploits6References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.139 views

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

9CVSS8.2AI score0.99977EPSS
Exploits39References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.62 views

Barco/AWIND OEM Presentation Platform - Remote Command Injection

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS8.5AI score0.98952EPSS
Exploits10References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.55 views

D-Link Routers - Remote Code Execution

D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who...

10CVSS9.2AI score0.99996EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.60 views

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via confmail.php. id: CVE-2022-29303 info: name: SolarView Compact 6.00 - OS Command Injection author: badboycxcc severity: critical description: | SolarView Compact 6.00 was discovered to contain a command injecti...

10CVSS8.3AI score0.99922EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.95 views

Apache Spark UI - Remote Command Injection

Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...

8.8CVSS8.5AI score0.92984EPSS
Exploits12References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.59 views

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

8.8CVSS9AI score0.99174EPSS
Exploits24References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.150 views

Zyxel NAS Firmware 5.21- Remote Code Execution

Multiple Zyxel network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using th...

10CVSS9.9AI score0.99988EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.101 views

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

10CVSS9.1AI score0.96626EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.68 views

Dasan GPON Devices - Remote Code Execution

Dasan GPON home routers are susceptible to command injection which can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...

9.8CVSS8.9AI score0.9995EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.41 views

ManageEngine ADManager Plus - Command Injection

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. id: CVE-2023-29084 info: name: ManageEngine ADManager Plus - Command Injection author: rootxharsh,iamnoooob,pdresearch severity: high description: | Zoho ManageEngine...

7.2CVSS7.3AI score0.98388EPSS
Exploits2References5
Rows per page
Query Builder