Lucene search
K

212 matches found

CVE
CVE
added 2025/10/16 5:55 p.m.13 views

CVE-2025-34512

The CVE-2025-34512 entry affects Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden, with multiple publicly disclosed issues summarized in connected documents: a pre-authentication file disclosure via the db_log POST parameter; an unauthenticated OS command injection in /ajax/php/login.php vi...

6.1CVSS5.9AI score0.00371EPSS
Exploits3References3Affected Software1
EUVD
EUVD
added 2025/10/16 5:55 p.m.5 views

EUVD-2025-34807

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...

5.1CVSS5.8AI score0.00371EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.8 views

PT-2025-42500

Name of the Vulnerable Software and Affected Versions Ilevia EVE X1 Server firmware versions through 4.7.18.0.eden Description The software contains a reflected cross-site scripting XSS issue in the index.php file. An unauthenticated attacker can leverage this to execute arbitrary code. The vendo...

6.1CVSS5.9AI score0.00371EPSS
Exploits3References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-2086

Malware in sbrugna...

7.5CVSS6.4AI score0.02079EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-41618

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 12:0 a.m.3 views

CVE-2025-57174

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all...

7.2AI score0.00986EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.1 views

SAP Netweaver Insecure Deserialization Vulnerability (3634501)

SAP NetWeaver is affected by an insecure deserialization vulnerability within the RMI-P4 module, when deserializing Java Objects. This could allow an un authenticated attacker to potentially, via malicious payload, to execute arbitrary OS commands. Note that Nessus has not tested for this issue b...

10CVSS6.5AI score0.02882EPSS
Exploits1References2
NVD
NVD
added 2025/09/05 3:15 a.m.7 views

CVE-2025-9990

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portaltype parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...

8.1CVSS0.00669EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-32637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload...

9.8CVSS7.1AI score0.00984EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/14 9:22 a.m.9 views

CVE-2025-50946

A flaw was found in github.com/olivetin/olivetin. The ParseRequestURI function in service/internal/executor/arguments.go is vulnerable to an OS command injection, allowing an attacker to execute arbitrary commands on the system. This occurs when processing a crafted URI. A remote attacker can...

6.5CVSS7.9AI score0.013EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.13 views

SUSE Manager 访问控制错误漏洞

SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration and monitoring. An access control error vulnerability exists in SUSE Manager that stems from a lack of authentication for critical functions and could lead t...

9.8CVSS7.3AI score0.10353EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.4 views

Remote Control Server 安全漏洞

Remote Control Server is a remote control server by Stephan Schultz, an individual developer. A security vulnerability exists in Remote Control Server version 3.1.1.12 that originates from unauthenticated remote code execution and could lead to complete system compromise...

9.3CVSS7.8AI score0.01561EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/06/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-49132

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code...

10CVSS6.2AI score0.13105EPSS
Exploits28References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8CVSS5.9AI score0.89218EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.4 views

CVE-2023-23607

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they ca...

9.8CVSS9.6AI score0.01612EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.10 views

CVE-2021-24240

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability...

9.8CVSS8AI score0.03037EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.8 views

CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...

9.8CVSS7.5AI score0.36272EPSS
Exploits1
OSV
OSV
added 2025/04/16 10:15 p.m.6 views

AZL-60583 CVE-2025-32433 affecting package erlang for versions less than 25.3.2.20-1

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...

10CVSS6.7AI score0.97859EPSS
Exploits36References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:47 a.m.7 views

CVE-2024-9016

man-group dtale version = 3.13.1 contains a vulnerability where the query parameters from the request are directly passed into the runquery function without proper sanitization. This allows for unauthenticated remote command execution via the df.query method when the query engine is set to 'pytho...

7.4AI score
Exploits0References3
GithubExploit
GithubExploit
added 2025/03/22 7:42 a.m.727 views

Exploit for Code Injection in Theme-Fusion Avada

CVE-2024-13346 Avada Theme 7.11.14 - Unauthenticated Arbi...

9.8CVSS8.7AI score0.02104EPSS
Exploits1
Rows per page
Query Builder