CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

341 matches found

Cvelist•added 2025/10/22 2:21 p.m.•10 views

CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

10CVSS0.07163EPSS

Exploits2References5

VulnCheck KEV•added 2025/10/22 12:0 a.m.•9 views

VulnCheck KEV: CVE-2016-15048

10CVSS6.1AI score0.07163EPSS

In wildExploits2References3

CNNVD•added 2025/10/22 12:0 a.m.•5 views

AMTT Hotel Broadband Operation System 安全漏洞

AMTT Hotel Broadband Operation System is a hotel broadband operation system from China-based AmTech Century AMTT. A security vulnerability exists in the AMTT Hotel Broadband Operation System, which originates from an unauthenticated command injection in the /manager/radius/serverping.php endpoint...

10CVSS7.6AI score0.07163EPSS

Exploits2References6

RedhatCVE•added 2025/10/17 6:44 p.m.•14 views

CVE-2025-34513

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

9.8CVSS8.3AI score0.07679EPSS

Exploits3References1

CVE•added 2025/10/16 5:53 p.m.•11 views

CVE-2025-34513

Ilevia EVE X1 Server firmware ≤ 4.7.18.0.eden contains a pre-authentication OS command injection in mbus_build_from_csv.php (/ajax/php/mbus_build_from_csv.php), allowing unauthenticated code execution. Multiple sources (NVD, Red Hat CVE page, CIRCL, ZSL) confirm unauthenticated remote command exe...

9.8CVSS7.9AI score0.07679EPSS

Exploits3References3Affected Software1

Packet Storm•added 2025/10/16 12:0 a.m.•144 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Remote Command Injection

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the mbusfile and mbuscsv HTTP POST parameters through the /ajax/php/mbusbuildfromcsv.php script...

9.8CVSS8.4AI score0.07679EPSS

Exploits3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-8947

Malware in sbrugna...

9.8CVSS9.5AI score0.01952EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-15270

Malware in sbrugna...

9.8CVSS9.5AI score0.01679EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2012-6587

Malware in sbrugna...

9.3CVSS6.3AI score0.03005EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2012-6592

Malware in sbrugna...

9.3CVSS6.3AI score0.02921EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2010-5304

Malware in sbrugna...

9.3CVSS6.4AI score0.00953EPSS

Exploits0References9

Cvelist•added 2025/10/06 4:53 p.m.•8 views

CVE-2025-36354 IBM Security Verify Access command execution

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...

7.3CVSS0.00289EPSS

Exploits0References1