Lucene search
K

886 matches found

CVE
CVE
added 2026/05/28 12:0 a.m.20 views

CVE-2026-38703

CVE-2026-38703 describes a command injection in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 V1.0.118, IR315 V1.0.118, IR615 V1.0.118 and earlier versions. Exploitation could yield ROOT privileges on remote devices. Affected component: ZeroTier VPN on the InHand IR s...

9.8CVSS5.8AI score0.01243EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.15 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

5.8AI score0.01243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.13 views

CVE-2026-38704

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.31 views

CVE-2026-38704

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

0.01269EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 12:0 a.m.18 views

CVE-2026-38702

CVE-2026-38702 is a command injection vulnerability in InHand Networks’ Admin Access feature affecting IR302 (V3.5.108) and IR305/IR315/IR615 (V1.0.118) and earlier firmware. The issue could allow remote attackers to gain ROOT privileges on target devices. The connected sources confirm affected m...

9.8CVSS5.8AI score0.01243EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44404

Name of the Vulnerable Software and Affected Versions IR302 versions prior to 3.5.108 IR305 versions prior to 1.0.118 IR315 versions prior to 1.0.118 IR615 versions prior to 1.0.118 Description A command injection issue exists in the ZeroTier VPN feature. This allows remote attackers to execute...

9.8CVSS6.1AI score0.01243EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.32 views

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

0.01243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.13 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

5.8AI score0.01243EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/14 3:30 a.m.12 views

SUSE CVE-2003-0098

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server...

10CVSS5.8AI score0.05132EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:54 p.m.10 views

CVE-2026-45158

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...

9.1CVSS6.5AI score0.00531EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 8:20 a.m.24 views

CVE-2025-40949

The CVE-2025-40949 issue affects RUGGEDCOM ROX devices (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) with all versions

9.1CVSS6.1AI score0.00543EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2026/05/12 12:0 a.m.12 views

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and...

9.1CVSS7.5AI score0.00543EPSS
Exploits0References10
NVD
NVD
added 2026/05/07 2:16 p.m.18 views

CVE-2026-30495

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

8.8CVSS0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.32 views

CVE-2026-30495

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.6 views

CVE-2026-31196

The traceroute diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

6.1AI score0.01275EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 5:16 p.m.6 views

CVE-2026-24506

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...

7.2CVSS0.01191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 4:8 p.m.4 views

CVE-2026-24504

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this...

7.2CVSS6.1AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.8 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain, as well as in LTS2025 versions 8.3.1.0 to 8.3.1.20 a...

7.2CVSS6.1AI score0.01191EPSS
Exploits0References1
NCSC
NCSC
added 2026/04/10 2:28 p.m.11 views

Vulnerability fixed in Cisco Smart Software Manager On-Prem

Cisco has fixed a vulnerability in Cisco Smart Software Manager On-Prem. A malicious party could exploit this vulnerability by inadvertently making an internal service component in Cisco Smart Software Manager On-Prem SSM On-Prem externally accessible. This allows a remote attacker to execute...

9.8CVSS6AI score0.00914EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 7:0 p.m.28 views

CVE-2026-26213 thingino-firmware api.cgi Unauthenticated Command Injection in Captive Portal

thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.7CVSS0.06239EPSS
Exploits0References2
Rows per page
Query Builder