Lucene search
K

113 matches found

Cvelist
Cvelist
added 2025/09/16 10:22 p.m.12 views

CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

7.2CVSS0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/09 9:11 p.m.39 views

CVE-2025-9996

CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...

5.8CVSS0.00537EPSS
Exploits0References1
OSV
OSV
added 2025/09/02 12:15 p.m.7 views

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

4.9CVSS5.9AI score0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/05 8:1 p.m.4 views

CVE-2013-10069 D-Link Devices Unauthenticated RCE

The web interface of multiple D-Link routers, including DIR-600 rev B ≤2.14b01 and DIR-300 rev B ≤2.13, contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to...

10CVSS7.4AI score0.11859EPSS
Exploits1References4
NVD
NVD
added 2025/08/01 9:15 p.m.8 views

CVE-2013-10050

An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...

8.8CVSS0.09637EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.4 views

PT-2025-29911 · Maxkb · Maxkb

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.0.0 Description: MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because the software only restricts the execution permissions of files in a...

6.3CVSS6.6AI score0.00226EPSS
Exploits1References8
NVD
NVD
added 2025/06/11 9:15 a.m.10 views

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

6.8CVSS0.00258EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:4 a.m.6 views

CVE-2019-1010151

zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...

9.8CVSS7AI score0.02043EPSS
Exploits1References1
NVD
NVD
added 2025/05/09 2:15 p.m.17 views

CVE-2024-11861

EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access...

9.8CVSS0.01387EPSS
Exploits0References2
NVD
NVD
added 2025/05/09 2:15 p.m.50 views

CVE-2024-12442

EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access...

9.8CVSS0.01078EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/09 1:55 p.m.7 views

CVE-2024-12442 Command injection in EnerSys AMPA versions 24.04 through 24.16, inclusive

EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access...

7.8AI score0.01078EPSS
Exploits0References2
CVE
CVE
added 2025/05/09 1:51 p.m.54 views

CVE-2024-11861

The CVE-2024-11861 entry details a command-injection vulnerability in EnerSys AMPA 22.09 and earlier, enabling privileged remote shell access via vulnerable components. Affected software: EnerSys AMPA (versions ≤ 22.09). Root cause: command-injection flaw as described in multiple sources. Impact:...

9.8CVSS7.2AI score0.01387EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/09 1:51 p.m.24 views

CVE-2024-11861 Command injection in EnerSys AMPA 22.09 and prior versions

EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access...

0.01387EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/09 12:0 a.m.7 views

PT-2025-20556 · Enersys · Enersys Ampa

Name of the Vulnerable Software and Affected Versions: EnerSys AMPA versions 24.04 through 24.16 Description: The issue allows for command injection, which can lead to privileged remote shell access. Recommendations: For EnerSys AMPA versions 24.04 through 24.16, update to a version that is not...

9.8CVSS7.1AI score0.01078EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2025/04/19 6:32 p.m.362 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 Remote Shell Go-based exploit for CVE-2025-3243...

10CVSS8.7AI score0.97673EPSS
Exploits36
RedhatCVE
RedhatCVE
added 2025/02/05 5:54 p.m.12 views

CVE-2019-5162

An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...

9.9CVSS6.9AI score0.02695EPSS
Exploits1References1
OSV
OSV
added 2025/01/21 5:28 p.m.7 views

MAL-2025-619 Malicious code in secure-toolbots (npm)

This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...

7AI score
Exploits0References1
OSV
OSV
added 2025/01/10 5:22 p.m.3 views

MAL-2025-71 Malicious code in secure-toolkits (npm)

This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...

7AI score
Exploits0References1
OSV
OSV
added 2024/08/02 11:16 a.m.1 views

CVE-2024-38877

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 Domain Controller R9.2 All versions, Omnivise T3000 Network Intrusion Detection System NIDS R9.2 All versions, Omnivise T3000 Product Data Management PDM R9.2 All versions, Omnivise T3000 R8...

8.8CVSS5.8AI score0.00187EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.7 views

PT-2024-10392

Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wi-Fi 5 Dual-Band router BR-6476AC version 1.06 Description The issue is related to command injection problems in /bin/goahead, which can be triggered through API endpoints such as "/goform/tracerouteDiagnosis",...

9CVSS6.1AI score0.05255EPSS
Exploits1References13
Rows per page
Query Builder