Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19591 matches found

Rosalinux
Rosalinuxadded 2025/11/10 6:23 a.m.16 views

Advisory ROSA-SA-2025-3076

Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 unaffected versions = openssh-8.0p1-26.0.2.2.rv30 affected versions openssh-8.0p1-26.0.2.2.rv30 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool...

7.8CVSS7.1AI score0.94072EPSS
Exploits24
VulnCheck KEV
VulnCheck KEVadded 2025/11/10 12:0 a.m.12 views

VulnCheck KEV: CVE-2023-3606

A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

8.8CVSS5.4AI score0.05871EPSS
In wildExploits1References63
NVD
NVDadded 2025/11/09 12:15 a.m.5 views

CVE-2025-12916

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

9.8CVSS0.04598EPSS
Exploits1References4
OSV
OSVadded 2025/11/09 12:15 a.m.2 views

CVE-2025-12916

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

9.8CVSS5.5AI score0.04598EPSS
Exploits1References4
Cvelist
Cvelistadded 2025/11/08 11:32 p.m.11 views

CVE-2025-12916 Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

6.5CVSS0.04598EPSS
Exploits1References4
OSV
OSVadded 2025/11/07 8:15 p.m.4 views

AZL-69830 CVE-2025-10230 affecting package samba 4.18.3-2

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.5AI score0.38991EPSS
Exploits2References1
OSV
OSVadded 2025/11/07 8:15 p.m.4 views

ALPINE-CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.1AI score0.38991EPSS
Exploits2References1
NVD
NVDadded 2025/11/07 8:15 p.m.5 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS0.38991EPSS
Exploits2References5
EUVD
EUVDadded 2025/11/07 7:42 p.m.5 views

EUVD-2025-38301

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS6.4AI score0.38991EPSS
Exploits2References4
Cvelist
Cvelistadded 2025/11/07 7:42 p.m.10 views

CVE-2025-10230 Samba: command injection in wins server hook script

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS0.38991EPSS
Exploits2References3
Vulnrichment
Vulnrichmentadded 2025/11/07 7:42 p.m.3 views

CVE-2025-10230 Samba: command injection in wins server hook script

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS6.7AI score0.38991EPSS
Exploits2References3
AlpineLinux
AlpineLinuxadded 2025/11/07 7:42 p.m.14 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS6.9AI score0.38991EPSS
Exploits2
NVD
NVDadded 2025/11/07 2:15 a.m.3 views

CVE-2025-11546

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...

9.3CVSS0.00401EPSS
Exploits0References1
CVE
CVEadded 2025/11/07 1:9 a.m.20 views

CVE-2025-11546

The CVE-2025-11546 entry affects NEC CLUSTERPRO X for Linux (versions 4.0–5.2), EXPRESSCLUSTER X for Linux (4.0–5.2), CLUSTERPRO X SingleServerSafe for Linux (4.0–5.2), and EXPRESSCLUSTER X SingleServerSafe for Linux (4.0–5.2). The connected sources describe an OS command injection vulnerability ...

9.3CVSS6.8AI score0.00401EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/07 1:9 a.m.3 views

EUVD-2025-38189

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...

9.3CVSS6.7AI score0.00401EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/11/07 12:0 a.m.5 views

Samba 操作系统命令注入漏洞

Samba is Samba open source a standard Windows interoperability program suite for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...

10CVSS7.5AI score0.38991EPSS
Exploits2References4
Positive Technologies
Positive Technologiesadded 2025/11/06 12:0 a.m.2 views

PT-2025-45536

CVE-2025-64477 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2025-64477 Published : Nov. 6, 2025, 4:15 a.m. | 3 hours, 33 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

6.7AI score
Exploits0References1
Veracode
Veracodeadded 2025/11/05 7:3 a.m.4 views

OS Command Injection

@sequa-ai/sequa-mcp is vulnerable to OS Command Injection. Thee vulnerability is due to improper validation of redirect URLs due to the redirectToAuthorization function opening unvalidated/non-sequa URLs. An attacker can exploit this by supplying a crafted redirect URL to trigger remote OS comman...

6.5CVSS6.5AI score0.01628EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2025/11/04 11:15 p.m.4 views

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

8.8CVSS0.00314EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2025/11/04 8:18 p.m.319 views

Exploit for CVE-2020-14882

🔴 CVE-2020-14882 — Oracle WebLogic Remote Code Execution RCE...

10CVSS9.2AI score0.99997EPSS
Exploits43
Rows per page
Query Builder