Lucene search
K

458029 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.101 views

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

10CVSS9.1AI score0.96626EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.68 views

Dasan GPON Devices - Remote Code Execution

Dasan GPON home routers are susceptible to command injection which can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...

9.8CVSS8.9AI score0.9995EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.41 views

ManageEngine ADManager Plus - Command Injection

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. id: CVE-2023-29084 info: name: ManageEngine ADManager Plus - Command Injection author: rootxharsh,iamnoooob,pdresearch severity: high description: | Zoho ManageEngine...

7.2CVSS7.3AI score0.98388EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.61 views

Apache Airflow <=1.10.10 - Remote Code Execution

Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending on the executor in us...

8.8CVSS8.5AI score0.99118EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.10 views

VMware NSX SD-WAN Edge - Command Injection

VMware NSX SD-WAN Edge formerly VeloCloud Edge before 3.1.2 contains an unauthenticated command injection in the local web UI diagnostic tools Ping/Traceroute. This template detects it reliably by injecting 'id', 'whoami', and a random marker. id: CVE-2018-6961 info: name: VMware NSX SD-WAN Edge ...

8.1CVSS7.7AI score0.86431EPSS
Exploits6References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.29 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS8.1AI score0.99585EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.35 views

Joomla! Core SQL Injection

A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. id: CVE-2015-7297 info: name: Joomla! Core SQL Injection author: princechaddha severity: high description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote...

7.5CVSS6.5AI score0.99967EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.51 views

NETGEAR WNAP320 Access Point Firmware - Remote Command Injection

NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2016-1555 info: name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection author: gy741 severity: critical...

10CVSS8.4AI score0.98325EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.184 views

Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

7.5CVSS7.2AI score0.99974EPSS
Exploits20References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.65 views

D-Link NAS - Command Injection via Name Parameter

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument name leads to os command...

9.8CVSS7.6AI score0.97432EPSS
Exploits11References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.98 views

Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

9.6CVSS9.4AI score0.99951EPSS
Exploits5References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.154 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS9.1AI score0.99485EPSS
Exploits20References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.26 views

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. id: CVE-2023-23333 info: name: SolarView Compact 6.00 - OS Command Injection author: Mr-xn severity: critical description: ...

9.8CVSS8.5AI score0.99273EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.284 views

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...

9.8CVSS8.9AI score0.86205EPSS
Exploits7References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.100 views

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

9.8CVSS7.2AI score0.99997EPSS
Exploits8References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.83 views

Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. id: CVE-2024-21887 info: name: Ivanti Connect Secure...

9.1CVSS9AI score0.99999EPSS
Exploits23References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.67 views

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

8.8CVSS9.1AI score0.9767EPSS
Exploits6References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.179 views

Cacti <=1.2.22 - Remote Command Injection

Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS...

9.8CVSS9.2AI score0.99826EPSS
Exploits48References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.48 views

DrayTek Vigor - Command Injection

DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...

9.8CVSS8AI score0.98125EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.50 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS9.1AI score0.87575EPSS
Exploits2References5
Rows per page
Query Builder