212 matches found
CVE-2025-34512
The CVE-2025-34512 entry affects Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden, with multiple publicly disclosed issues summarized in connected documents: a pre-authentication file disclosure via the db_log POST parameter; an unauthenticated OS command injection in /ajax/php/login.php vi...
EUVD-2025-34807
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...
PT-2025-42500
Name of the Vulnerable Software and Affected Versions Ilevia EVE X1 Server firmware versions through 4.7.18.0.eden Description The software contains a reflected cross-site scripting XSS issue in the index.php file. An unauthenticated attacker can leverage this to execute arbitrary code. The vendo...
EUVD-2014-2086
Malware in sbrugna...
EUVD-2024-41618
Malicious code in bioql PyPI...
CVE-2025-57174
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all...
SAP Netweaver Insecure Deserialization Vulnerability (3634501)
SAP NetWeaver is affected by an insecure deserialization vulnerability within the RMI-P4 module, when deserializing Java Objects. This could allow an un authenticated attacker to potentially, via malicious payload, to execute arbitrary OS commands. Note that Nessus has not tested for this issue b...
CVE-2025-9990
The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portaltype parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...
Linux Distros Unpatched Vulnerability : CVE-2023-32637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload...
CVE-2025-50946
A flaw was found in github.com/olivetin/olivetin. The ParseRequestURI function in service/internal/executor/arguments.go is vulnerable to an OS command injection, allowing an attacker to execute arbitrary commands on the system. This occurs when processing a crafted URI. A remote attacker can...
SUSE Manager 访问控制错误漏洞
SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration and monitoring. An access control error vulnerability exists in SUSE Manager that stems from a lack of authentication for critical functions and could lead t...
Remote Control Server 安全漏洞
Remote Control Server is a remote control server by Stephan Schultz, an individual developer. A security vulnerability exists in Remote Control Server version 3.1.1.12 that originates from unauthenticated remote code execution and could lead to complete system compromise...
VulnCheck KEV: CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code...
VulnCheck KEV: CVE-2024-29972
UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS...
CVE-2023-23607
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they ca...
CVE-2021-24240
The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability...
CVE-2021-43711
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...
AZL-60583 CVE-2025-32433 affecting package erlang for versions less than 25.3.2.20-1
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...
CVE-2024-9016
man-group dtale version = 3.13.1 contains a vulnerability where the query parameters from the request are directly passed into the runquery function without proper sanitization. This allows for unauthenticated remote command execution via the df.query method when the query engine is set to 'pytho...
Exploit for Code Injection in Theme-Fusion Avada
CVE-2024-13346 Avada Theme 7.11.14 - Unauthenticated Arbi...