Lucene search
+L

71 matches found

OSV
OSV
added 2026/02/04 6:38 p.m.7 views

GHSA-9G95-QF3F-GGRW n8n has OS Command Injection in Git Node

Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...

9.4CVSS5.9AI score0.00568EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/01 9:26 p.m.14 views

CVE-2015-10145

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...

8.8CVSS7.8AI score0.0063EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/31 8:48 p.m.4 views

CVE-2015-10145 Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...

8.7CVSS7.4AI score0.0063EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/12/31 8:48 p.m.11 views

CVE-2015-10145

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...

8.8CVSS6.3AI score0.0063EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/31 8:48 p.m.19 views

CVE-2015-10145

Gargoyle router management utility versions 1.5.x expose an authenticated OS command execution vulnerability in /utility/run_commands.sh due to improper validation of the commands parameter. An authenticated attacker can execute arbitrary shell commands on the device, potentially leading to full ...

8.8CVSS7.4AI score0.0063EPSS
In wildExploits1References4Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/12/31 12:0 a.m.74 views

VulnCheck KEV: CVE-2015-10145

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...

8.8CVSS6.3AI score0.0063EPSS
In wildExploits1References5
OSV
OSV
added 2025/12/19 7:16 a.m.4 views

CVE-2025-66174

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...

6.8CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52416

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...

6.5CVSS6.7AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-49812

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

4.3CVSS7.2AI score0.00451EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/04 9:2 p.m.8 views

EUVD-2025-201280

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

8.4CVSS7AI score0.00117EPSS
Exploits0References3
Veracode
Veracode
added 2025/11/21 10:34 a.m.6 views

Privilege Escalation

github.com/canonical/lxd is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization in the Operations API, where an attacker with only read permissions can hijack terminal or console WebSocket sessions and execute arbitrary commands...

8.1CVSS7.4AI score0.00193EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/09 9:31 p.m.7 views

EUVD-2025-33583

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

7CVSS6.7AI score0.00737EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.20 views

PT-2025-41180

『allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system』 IBM Security Verify Access and IBM Verify Identity Access products. CVE-2025-36354, CVE-2025-36355, CVE-2025-363546 https://t.co/SJGzwogo72...

8.5CVSS7.2AI score0.00295EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.6 views

Security Updates for Microsoft Excel Products (August 2025)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-53735, CVE-2025-53737,...

7.8CVSS6.7AI score0.00565EPSS
Exploits0References5
Snyk
Snyk
added 2025/03/25 8:42 p.m.3 views

Cross-site Scripting (XSS)

Overview fprime-gds is a F Prime Flight Software Ground Data System layer Affected versions of this package are vulnerable to Cross-site Scripting XSS on the Run Commands table. An attacker can execute scripts in the context of the browser by injecting malicious strings as cmdDisp.CMDNOOPSTRING...

6.1CVSS5.4AI score0.00266EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/03/03 1:48 a.m.12 views

emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

8.8CVSS6.1AI score0.0256EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 8:12 a.m.4 views

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM...

7.2CVSS7.8AI score0.64423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.6 views

PT-2024-38910 · Xcc · Xcc

Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: An input validation weakness was discovered that could allow a valid, authenticated user with elevated privileges to perform command injection or cause a recoverable denial of service using a...

7.2CVSS7.5AI score0.01032EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/08/05 12:0 a.m.5 views

Hamastar MeetingHub Paperless Meetings 安全漏洞

Hamastar MeetingHub Paperless Meetings is a paperless e-meeting software from China-based Hamastar. A security vulnerability exists in Hamastar MeetingHub Paperless Meetings version 2021, which stems from an unrestricted file upload vulnerability that could allow a remote authenticated user to...

9.3CVSS7.4AI score0.00523EPSS
Exploits0References2
OSV
OSV
added 2024/07/16 5:15 p.m.4 views

CVE-2019-16639

An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec&command= substring. This affects EG-2000SE...

9.8CVSS5.8AI score0.00822EPSS
Exploits1References1
Rows per page
Query Builder