CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/03/11 12:0 a.m.•4 views

SAPIDO RB-1732 安全漏洞

SAPIDO RB-1732 is a wireless router produced by SAPIDO Company in Taiwan, China. The SAPIDO RB-1732 V2.0.43 version has a security vulnerability. This vulnerability stems from the formSysCmd endpoint, which allows remote command execution, potentially enabling unverified attackers to execute...

9.8CVSS6.1AI score0.00266EPSS

Positive Technologies•added 2026/03/11 12:0 a.m.•3 views

PT-2026-24781

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to...

9.8CVSS6.3AI score0.00266EPSS

Exploits0References4

EUVD•added 2026/03/10 6:31 p.m.•1 views

EUVD-2025-208494

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...

EUVD•added 2026/03/10 6:31 p.m.•0 views

EUVD-2025-208493

CVE•added 2026/03/10 4:44 p.m.•12 views

CVE-2025-54820

Fortinet FortiManager contains a Stack-based Buffer Overflow (CWE-121) affecting FortiManager 7.4.0–7.4.2, 7.2.0–7.2.10, and all 6.4 versions. An unauthenticated remote attacker could craft requests to execute unauthorized commands if the service is enabled. The flaw is related to bypassing stack...

Exploits0References1Affected Software1

Tenable Nessus•added 2026/03/10 12:0 a.m.•9 views

Fortinet FortiManager Buffer overflow via fgtupdates service (FG-IR-26-098)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-098 advisory. - A Stack-based Buffer Overflow vulnerability CWE-121 in FortiManager fgtupdates service may allow a remote unauthenticate...

OSV•added 2026/03/09 10:9 a.m.•2 views

MAL-2026-1290 Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...

6AI score

OSSF Malicious Packages•added 2026/03/09 10:9 a.m.•7 views

Malicious code in remjsonparse (PyPI)

6AI score

Vulnrichment•added 2026/03/07 1:32 p.m.•2 views

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

5.8CVSS5.6AI score0.00243EPSS

Exploits1References4

Positive Technologies•added 2026/03/07 12:0 a.m.•2 views

PT-2026-23781

Name of the Vulnerable Software and Affected Versions XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07 Description The XikeStor SKS8310-8X Network Switch contains an OS command injection issue in the /goform/PingTestSet API endpoint. Unauthenticated remote attackers can execute...

9.8CVSS6.4AI score0.00293EPSS

Exploits0References11

Tenable Nessus•added 2026/03/06 12:0 a.m.•2 views

NewStart CGSL MAIN 6.06 (SP) : vim Vulnerability (NS-SA-2026-0010)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated...

9.3CVSS6.1AI score0.54077EPSS

Exploits5References3

Packet Storm•added 2026/03/05 12:0 a.m.•126 views

📄 Juniper JunosEvolved Remote Command Execution

This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...

9.8CVSS6.1AI score0.00098EPSS

Exploits2

Tenable Nessus•added 2026/03/05 12:0 a.m.•4 views

Unity Linux 20.1060e / 20.1070e Security Update: atril (UTSA-2026-005397)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005397 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in...

8.5CVSS5.9AI score0.13707EPSS

Exploits2References4

RedhatCVE•added 2026/03/04 1:57 a.m.•28 views

CVE-2025-52365

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...

7.8CVSS6.2AI score0.0013EPSS

ATTACKERKB•added 2026/03/03 9:21 p.m.•4 views

CVE-2026-1775

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...

8.8CVSS6AI score0.00029EPSS