CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19583 matches found

NVD•added 2026/01/12 6:16 a.m.•3 views

CVE-2026-0854

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

8.8CVSS0.01025EPSS

Exploits0References2

CNNVD•added 2026/01/12 12:0 a.m.•3 views

Merit LILIN IP Camera Series 操作系统命令注入漏洞

The Merit LILIN IP Camera Series is a series of IP video recorders from Merit LILIN of Taiwan, China. The Merit LILIN IP Camera Series suffers from an operating system command injection vulnerability that stems from OS command injection, which could allow an authenticated, remote attacker to inje...

8.8CVSS7.8AI score0.01081EPSS

Exploits0References2

GithubExploit•added 2026/01/11 7:59 a.m.•161 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Vulnerability Detection and Exploitation Tool...

10CVSS7.4AI score0.99562EPSS

Exploits367

NVD•added 2026/01/10 8:15 a.m.•3 views

CVE-2025-15502

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be...

9.8CVSS0.05577EPSS

Exploits1References5

EUVD•added 2026/01/10 8:2 a.m.•3 views

EUVD-2026-1855

7.5CVSS7.3AI score0.05577EPSS

Exploits1References6

EUVD•added 2026/01/10 12:30 a.m.•5 views

EUVD-2025-206270

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

10CVSS6.5AI score0.05593EPSS

Exploits1References6

EUVD•added 2026/01/10 12:30 a.m.•3 views

EUVD-2025-206269

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...

9CVSS6.4AI score0.05271EPSS

Exploits1References6

Positive Technologies•added 2026/01/10 12:0 a.m.•4 views

PT-2026-1779

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...

7.5CVSS7.7AI score0.05577EPSS

Exploits1References10

Cvelist•added 2026/01/09 10:32 p.m.•22 views

CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...

10CVSS0.06369EPSS

Exploits1References5

Vulnrichment•added 2026/01/09 10:32 p.m.•4 views

CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection

10CVSS6.4AI score0.06369EPSS

Exploits1References5

OSV•added 2026/01/09 10:15 p.m.•2 views

CVE-2025-15500

9.8CVSS5.7AI score0.05593EPSS

Exploits1References5

NVD•added 2026/01/09 10:15 p.m.•8 views

CVE-2025-15500

10CVSS0.05593EPSS

Exploits1References5

OSV•added 2026/01/09 10:15 p.m.•2 views

CVE-2025-15499

9.8CVSS5.5AI score

Exploits0References5

Vulnrichment•added 2026/01/09 9:32 p.m.•8 views

CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection

10CVSS6.6AI score0.05593EPSS

Exploits1References5

Cvelist•added 2026/01/09 9:32 p.m.•22 views

CVE-2025-15499 Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection

9CVSS0.05271EPSS

Exploits1References5

Vulnrichment•added 2026/01/09 9:32 p.m.•3 views

CVE-2025-15499 Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection

9CVSS6.6AI score0.05271EPSS

Exploits1References5

CVE•added 2026/01/09 9:32 p.m.•10 views

CVE-2025-15499

Sangfor Operation and Maintenance Management System (versions up to 3.0.8) is affected by an OS command injection in the uploadCN function of VersionController.java. The root cause is manipulation of the filename argument, enabling remote exploitation. Public disclosure and exploitation activity ...

9.8CVSS6.6AI score0.05271EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/01/09 12:37 p.m.•6 views

CVE-2023-50011

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field...

7.2CVSS7.2AI score0.02037EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:36 p.m.•4 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...

7.2CVSS7.2AI score0.02299EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:35 p.m.•4 views

CVE-2023-49213

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1...

8.8CVSS7.7AI score0.02127EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by