Lucene search
K

101 matches found

CNNVD
CNNVD
added 2025/12/18 12:0 a.m.14 views

WODESYS WD-R608U 访问控制错误漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from a lack of authentication in the adm.cgi endpoint configuration change module, which could allow an unauthenticated attacker to execute command...

8.7CVSS6.9AI score0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/09 9:33 a.m.5 views

CVE-2025-27020

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

9.8CVSS7.8AI score0.00477EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 9:26 a.m.5 views

EUVD-2025-201700

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

9.8CVSS7.3AI score0.00477EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/17 6:0 a.m.4 views

CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

7.5AI score0.19241EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/07 1:9 a.m.7 views

CVE-2025-11546

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...

9.3CVSS0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 6:44 p.m.14 views

CVE-2025-34513

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

9.8CVSS8.3AI score0.07679EPSS
Exploits3References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-6592

Malware in sbrugna...

9.3CVSS6.3AI score0.02921EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-5304

Malware in sbrugna...

9.3CVSS6.4AI score0.00953EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25810

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00371EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-49223

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/17 12:49 a.m.15 views

CVE-2025-57174

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all...

9.8CVSS7.6AI score0.03815EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/08/22 4:35 p.m.7 views

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

9.3CVSS7.2AI score0.00953EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 4:15 p.m.8 views

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

9.3CVSS0.00953EPSS
Exploits0References8
NVD
NVD
added 2025/08/14 5:15 p.m.7 views

CVE-2025-20265

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input...

10CVSS0.14468EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.4 views

PT-2025-33147

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.1 Description The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. Flowise’s authentication and authorization model is minimal and lacks...

10CVSS7.5AI score0.70866EPSS
Exploits3References16
NVD
NVD
added 2025/08/08 7:15 p.m.8 views

CVE-2012-10041

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...

9.3CVSS0.02921EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/08 6:13 p.m.3 views

CVE-2012-10041 WAN Emulator v2.3 Command Execution

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...

9.3CVSS9.1AI score0.02921EPSS
Exploits0References4
CVE
CVE
added 2025/08/08 6:13 p.m.23 views

CVE-2012-10041

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script passes unsanitized input from the pc POST parameter to shell_exec(), allowing remote command execution as the www-data user. Additionally, a SUID-root binary named dosu is vulnerable to command...

9.3CVSS8.8AI score0.02921EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/08/08 6:9 p.m.4 views

CVE-2010-10013

An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...

9.3CVSS6.2AI score0.01076EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.7 views

PT-2025-32392 · Unknown +1 · Ajaxplorer/Pydio Cells +1

Name of the Vulnerable Software and Affected Versions: AjaXplorer/Pydio Cells versions prior to 2.6 Description: An unauthenticated remote command execution vulnerability exists due to improper sanitization of user-supplied input to the destServer GET parameter within the checkInstall.php script ...

9.3CVSS8.3AI score0.01076EPSS
Exploits0References7
Rows per page
Query Builder