19585 matches found

CNNVD
added 2025/12/10 12:0 a.m., 4 views

PopojiCMS Code Injection Vulnerability

PopojiCMS is an open source website builder from PopojiCMS. A code injection vulnerability exists in PopojiCMS version 2.0.1. It arises because an administrator user can inject malicious PHP code via a metadata settings endpoint, which may result in remote command execution...

8.6 CVSS, 7.7 AI score, 0.00947 EPSS
Exploits: 1, References: 5
Github Security Blog
added 2025/12/09 10:47 p.m., 8 views

Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Summary: A command injection vulnerability is present in the function tool run_ssh_command_with_credentials available to AI agents. Details: This is the source code of the function tool run_ssh_command_with_credentials code: python @functiontool def run_ssh_command_with_credentials host: str, username: str,...

9.6 CVSS, 8.5 AI score, 0.0152 EPSS
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2025/12/09 9:15 p.m., 7 views

CVE-2023-53774

MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk record...

9.8 CVSS, 0.00794 EPSS
Exploits: 1, References: 5
CVE
added 2025/12/09 8:44 p.m., 10 views

CVE-2021-47728

The CVE-2021-47728 entry concerns the Selea Targa IP OCR-ANPR Camera, with an unauthenticated command injection in utils.php. The vulnerability allows remote attackers to execute arbitrary shell commands by abusing the addr and port parameters, potentially gaining www-data user access via chained...

9.8 CVSS, 7.9 AI score, 0.02314 EPSS
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2025/12/09 8:44 p.m., 4 views

CVE-2021-47728 Selea Targa IP Camera Remote Code Execution via Utils

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...

9.3 CVSS, 7.9 AI score, 0.02314 EPSS
Exploits: 1, References: 5
Cvelist
added 2025/12/09 5:19 p.m., 46 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2 CVSS, 0.10791 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/09 9:33 a.m., 31 views

CVE-2025-14225

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed...

8.8 CVSS, 7 AI score, 0.07402 EPSS
Exploits: 1, References: 1
OSSF Malicious Packages
added 2025/12/09 8:5 a.m., 5 views

Malicious code in telcoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

7.6 AI score
Exploits: 0, References: 1
OSV
added 2025/12/09 8:5 a.m., 3 views

MAL-2025-192386 Malicious code in telcoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

7.5 AI score
Exploits: 0, References: 1
EUVD
added 2025/12/09 12:31 a.m., 5 views

EUVD-2025-201816

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 5.4 AI score, 0.01455 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2025/12/09 12:0 a.m., 3 views

Qnap QTS and QuTS hero Command Injection (CVE-2025-30264)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145...

8.8 CVSS, 5.8 AI score, 0.00932 EPSS
Exploits: 0, References: 2
NVD
added 2025/12/08 10:15 p.m., 3 views

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 0.01455 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/12/08 9:32 p.m., 22 views

CVE-2025-14276 Ilevia EVE X1 Server leaf_search.php command injection

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 0.01455 EPSS
Exploits: 0, References: 5
CVE
added 2025/12/08 9:32 p.m., 7 views

CVE-2025-14276

CVE-2025-14276 affects Ilevia EVE X1 Server (versions up to 4.6.5.0.eden). The vulnerability is described as a command injection in an unknown function of the file /ajax/php/leaf_search.php, caused by manipulation of the argument line. It can be triggered remotely, with a high attack complexity a...

6.3 CVSS, 6.4 AI score, 0.01455 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/12/08 1:11 p.m., 9 views

CVE-2025-14188

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...

8.6 CVSS, 6.7 AI score, 0.02469 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/12/08 12:15 p.m., 15 views

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

9 CVSS, 8.6 AI score, 0.09235 EPSS
Exploits: 1, References: 1
OSV
added 2025/12/08 10:15 a.m., 4 views

CVE-2025-14225

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed...

8.8 CVSS, 5.6 AI score, 0.07402 EPSS
Exploits: 1, References: 5
NVD
added 2025/12/08 10:15 a.m., 4 views

CVE-2025-14225

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed...

8.8 CVSS, 0.07402 EPSS
Exploits: 1, References: 5
EUVD
added 2025/12/08 9:2 a.m., 3 views

EUVD-2025-201702

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed...

6.5 CVSS, 6.5 AI score, 0.07402 EPSS
Exploits: 1, References: 6
CVE
added 2025/12/08 9:2 a.m., 12 views

CVE-2025-14225

The CVE-2025-14225 entry concerns D-Link DCS-930L (firmware 1.15.04) and the alphapd component, where manipulating the AdminID parameter in /setSystemAdmin can yield remote command execution. Public disclosures exist, and the affected products are no longer supported by the maintainer. Several co...

8.8 CVSS, 6.7 AI score, 0.07402 EPSS
Exploits: 1, References: 5, Affected Software: 1