CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Planet WGR-500 version 1.3411b190912 Description Multiple OS command injection flaws exist in the swctrl functionality. A crafted network request can result in arbitrary command execution. The new password request parameter is involved in...

8.8CVSS7.4AI score0.03686EPSS

Exploits1References6

Positive Technologies•added 2025/10/07 12:0 a.m.•4 views

PT-2025-41179

Name of the Vulnerable Software and Affected Versions D-Link DI-7001 MINI version 24.04.18B1 Description A flaw exists in D-Link DI-7001 MINI version 24.04.18B1. The issue involves manipulation of the path argument within the file /upgrade filter.asp, leading to os command injection. This...

6.5CVSS6.1AI score0.04033EPSS

Exploits1References8

RedhatCVE•added 2025/10/06 6:17 p.m.•6 views

CVE-2025-11298

A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing a manipulation of the argument mwanipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and m...

8.8CVSS6.3AI score0.06888EPSS

Exploits1References1

RedhatCVE•added 2025/10/06 2:14 p.m.•3 views

CVE-2025-11292

A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing a manipulation of the argument wanipaddr can lead to command injection. The attack can be launched remotely. The exploit has been made available to the publ...

8.8CVSS6.4AI score0.06888EPSS

Exploits1References1

NVD•added 2025/10/06 1:15 p.m.•6 views

CVE-2025-11335

A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub46409C of the file /mspinfo.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out...

7.2CVSS0.04755EPSS

Exploits0References6

EUVD•added 2025/10/06 12:32 p.m.•3 views

EUVD-2025-32533

5.8CVSS6.5AI score0.04755EPSS

Exploits0References7

HackRead•added 2025/10/06 10:22 a.m.•4 views

Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login

WatchTowr finds a serious flaw in Dell UnityVSA CVE-2025-36604 letting attackers run commands without login. Dell issues patch 5.5.1 - update now...

9.8CVSS7.2AI score0.61923EPSS

Exploits1

OSV•added 2025/10/06 10:15 a.m.•3 views

CVE-2025-11331

A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The...

7.2CVSS5.5AI score

Exploits0References4

Positive Technologies•added 2025/10/06 12:0 a.m.•6 views

PT-2025-40892

Name of the Vulnerable Software and Affected Versions D-Link DI-7100G C1 versions up to 20250928 Description A flaw exists in D-Link DI-7100G C1 that allows for remote command injection. This is due to the manipulation of the iface argument within the sub 46409C function of the /msp...

7.2CVSS4.7AI score0.04755EPSS

Exploits0References13

Positive Technologies•added 2025/10/06 12:0 a.m.•4 views

PT-2025-40888

Name of the Vulnerable Software and Affected Versions IdeaCMS versions up to 1.8 Description A command injection issue exists in IdeaCMS. The issue is located in an unknown function within the app/common/logic/admin/Config.php file of the Website Name Handler component. Manipulation of the 网站名称...

7.2CVSS4.8AI score0.17578EPSS

Exploits1References8

OSV•added 2025/10/05 9:15 p.m.•1 views

CVE-2025-11303

A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted...

8.8CVSS5.7AI score

Exploits0References5

NVD•added 2025/10/05 9:15 p.m.•4 views

CVE-2025-11303

8.8CVSS0.06888EPSS

Exploits1References5

CVE•added 2025/10/05 8:32 p.m.•11 views

CVE-2025-11303

Belkin F9K1015 (version 1.00.10) contains a command injection flaw in the /goform/mp handler via manipulation of the command argument. The vulnerability allows remote execution and is supported by multiple sources (NVD, Red Hat, Vulners enrichments, PT Security) with exploitation details publicly...

8.8CVSS6.3AI score0.06888EPSS

Exploits1References5Affected Software1

EUVD•added 2025/10/05 8:32 p.m.•5 views

EUVD-2025-32468

A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted...

6.5CVSS6.3AI score0.06888EPSS

Exploits1References6

ATTACKERKB•added 2025/10/05 8:32 p.m.•1 views

CVE-2025-11303

8.8CVSS5.4AI score0.06888EPSS

Exploits1References5Affected Software1

EUVD•added 2025/10/05 6:30 p.m.•3 views

EUVD-2025-32464

A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument mwanipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may...

6.5CVSS6.3AI score0.06888EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by