Lucene search
K

78 matches found

CVE
CVE
added 2026/03/11 12:0 a.m.128 views

CVE-2025-67038

Summary: CVE-2025-67038 affects Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module concatenates the username into a shell command used for logging on authentication failures, allowing injection of arbitrary OS commands with root privileges. Multiple sources (NVD, Red Hat, CISA KEV, CNNVD) describe ...

9.8CVSS5.9AI score0.00889EPSS
In wildExploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 12:0 a.m.4 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.00889EPSS
Exploits1References4
OSV
OSV
added 2026/03/03 8:16 p.m.5 views

CVE-2024-55020

A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges...

9.8CVSS6.1AI score0.01665EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.5 views

PT-2025-47891

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers CVE-2025-13207, CVE-2024-24481 https://t.co/ZUXQixklyd...

7.6AI score
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.2 views

CVE-2022-50596

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...

9.8CVSS6AI score0.04115EPSS
Exploits0References3
CVE
CVE
added 2025/10/14 8:35 a.m.14 views

CVE-2025-41699

Phoenix Contact CHARX SEC-3xxx charging controllers are affected by CVE-2025-41699. The vulnerability is a code injection (CWE-94) that an attacker with a low-privileged remote account for the Web-based management can exploit to change system configuration and perform a root command injection, co...

8.8CVSS7.3AI score0.00881EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-15291

Malware in sbrugna...

9CVSS8.8AI score0.02268EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-31217

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.02279EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-31180

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.01096EPSS
Exploits0References4
OSV
OSV
added 2025/09/26 7:15 a.m.8 views

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

7.3CVSS5.8AI score0.02279EPSS
Exploits1References6
NVD
NVD
added 2025/09/26 1:15 a.m.9 views

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

8.2CVSS0.01096EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/26 12:0 a.m.5 views

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

8.2CVSS7.3AI score0.01096EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/26 12:0 a.m.12 views

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

8.2CVSS0.01096EPSS
Exploits0References3
CVE
CVE
added 2025/09/26 12:0 a.m.20 views

CVE-2025-60017

CVE-2025-60017 affects Unitree Go2, G1, H1 and B2 devices through 2025-09-20. The root cause is a command injection in the hostapd_restart.sh flow, triggered by crafted values for wifi_ssid or wifi_pass used by restart_wifi_ap and restart_wifi_sta. This leads to potential root-level command execu...

8.2CVSS7.3AI score0.01096EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/23 8:23 a.m.8 views

CVE-2025-41684 Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint tlsiotgensetting...

8.8CVSS0.00696EPSS
Exploits0References1
CVE
CVE
added 2025/07/23 8:23 a.m.18 views

CVE-2025-41684

An authenticated remote attacker can execute arbitrary commands with root privileges via the tls_iotgen_setting endpoint in the Main Web Interface of affected Apache IoT devices. Root cause is improper sanitizing of user input, enabling command injection. Impact is full control of the device at r...

8.8CVSS7.3AI score0.00696EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/23 8:22 a.m.4 views

CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint eventmailtest...

8.8CVSS7.3AI score0.00696EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/23 8:22 a.m.11 views

CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint eventmailtest...

8.8CVSS0.00696EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:37 a.m.6 views

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

8.8CVSS7.7AI score0.0383EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.5 views

CVE-2022-36309

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...

8.8CVSS7.4AI score0.24071EPSS
Exploits1References1
Rows per page
Query Builder