Lucene search
K

11236 matches found

Nuclei
Nuclei
added 20 hours ago35 views

Pandora FMS 7.0NG - Remote Command Injection

Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...

9CVSS7.4AI score0.50615EPSS
Exploits5References5
Nuclei
Nuclei
added 20 hours ago59 views

Appium Desktop Server - Remote Code Execution

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. id: CVE-2023-2479 info: name: Appium Desktop Server - Remote Code Execution author: zn9988 severity: critical description: | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...

9.8CVSS7.2AI score0.22014EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago112 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS7.2AI score0.82585EPSS
Exploits6References5
Nuclei
Nuclei
added 20 hours ago15 views

Blink Router - Command Injection

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function. id: CVE-2025-45985 info: name: Blin...

9.8CVSS7.2AI score0.07116EPSS
Exploits1References1
Nuclei
Nuclei
added 20 hours ago937 views

Embedded JavaScript(EJS) 3.1.6 - Template Injection

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. id: CVE-2023-29827 info: name: Embedded JavaScriptEJS 3.1.6 - Template Injection author:...

9.8CVSS7.2AI score0.05552EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago66 views

LyLme-Spage - Arbitary File Upload

An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk severity: high description: | An arbitrary...

9.8CVSS6.3AI score0.04675EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago29 views

TurboMeeting - Post-Authentication Command Injection

The Certificate Signing Request CSR feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...

7.2CVSS6.2AI score0.03216EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago27 views

Chaosblade < 1.7.4 - Remote Code Execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...

8.6CVSS6.1AI score0.01669EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago85 views

IBM Operational Decision Manager - JNDI Injection

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. id: CVE-2024-22319 info: name: IBM Operational Decision Manager -...

9.8CVSS7.8AI score0.764EPSS
Exploits0
Nuclei
Nuclei
added 20 hours ago31 views

Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. id: CVE-2023-24489 info: name: Citrix ShareFile StorageZones...

9.8CVSS7.2AI score0.95076EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago34 views

Fujian Kelixin Communication - Command Injection

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwdupdate.php. id: CVE-2024-2621 info: name: Fujian Kelixin Communication - Command...

9.8CVSS6.4AI score0.0194EPSS
Exploits0References6
Nuclei
Nuclei
added 20 hours ago133 views

Change Detection - Server Side Template Injection

A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. id: CVE-2024-32651 info: name: Change Detection - Server Side Template Injection author: edoardottt severity: critical description: | A Server...

10CVSS7.3AI score0.83722EPSS
Exploits5References4
Nuclei
Nuclei
added 20 hours ago39 views

Cassia Gateway Firmware - Remote Code Execution

In Cassia Gateway firmware XC10002.1.1.2303082218 and XC20002.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup. id: CVE-2023-31446 info: name: Cassia Gateway Firmware - Remote Code...

9.8CVSS7.2AI score0.61081EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago78 views

cPH2 Charging Station v1.87.0 - OS Command Injection

An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. id: CVE-2023-46359 info: name: cPH2...

9.8CVSS7.5AI score0.80888EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago66 views

WAVLINK WN530H4 live_api.cgi - Command Injection

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. id: CVE-2020-12124 info: name: WAVLINK WN530H4 liveapi.cgi - Command Injection author...

10CVSS7.5AI score0.75215EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago42 views

Faculty Evaluation System v1.0 - Remote Code Execution

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=saveuser. id: CVE-2023-33440 info: name: Faculty Evaluation System v1.0 - Remote Code Execution author: Harsh severity: high description: | Sourcecodester Faculty Evaluation System v1...

7.2CVSS7.6AI score0.14507EPSS
Exploits4References5
Nuclei
Nuclei
added 20 hours ago219 views

Cuppa CMS v1.0 - Remote Code Execution

CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php. id: CVE-2022-37190 info: name: Cuppa CMS v1.0 - Remote Code Execution author: theamanrawat severity: high description: | CuppaCMS 1.0 is vulnerable ...

8.8CVSS7.3AI score0.45769EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago55 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

9.8CVSS7.6AI score0.7165EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago61 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.3AI score0.04427EPSS
Exploits2References3
Nuclei
Nuclei
added 20 hours ago117 views

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...

9.8CVSS7.4AI score0.03848EPSS
Exploits1References3
Rows per page
Query Builder