Lucene search
K

211 matches found

NVD
NVD
added 2026/01/08 12:15 a.m.5 views

CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

9.8CVSS0.1064EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2026/01/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

9.8CVSS6.1AI score0.1064EPSS
In wildExploits1References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1713

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.6 before 18.6.3 GitLab CE/EE versions 18.7 before 18.7.1 Description An issue in GitLab CE/EE could allow an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser. This is...

9.6CVSS7.4AI score0.0062EPSS
Exploits0References21
Packet Storm
Packet Storm
added 2025/12/15 12:0 a.m.201 views

📄 flatCore 1.5 Shell Upload

flatCore version 1.5 proof of concept remote shell upload exploit. ============================================================================================================================================= | Title : flatCore 1.5 Advanced File Upload Exploit | | Author : indoushka | | Tested on...

8.8CVSS7.3AI score0.02254EPSS
Exploits4
The Hacker News
The Hacker News
added 2025/12/08 9:15 a.m.23 views

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is CVE-2025-6389 CVSS score: 9.8, which affects all versions of the plugin prior to and including 8.3. It has...

9.8CVSS8.2AI score0.43399EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2025/12/05 9:34 p.m.10 views

CVE-2025-66571

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

9.3CVSS8AI score0.00522EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2025/12/04 7:3 p.m.11 views

Imperva Customers Protected Against React Server Components (RSC) Vulnerability

Overview On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability CVSS 10.0, identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions. The React2Shell vulnerability stems from...

10CVSS8.1AI score0.99562EPSS
Exploits388
GithubExploit
GithubExploit
added 2025/12/04 9:27 a.m.190 views

Exploit for CVE-2025-55182

CVE-2025-55182 This repository contains a PoC reproduction of...

10CVSS8.2AI score0.99562EPSS
Exploits374
RedhatCVE
RedhatCVE
added 2025/11/18 6:58 a.m.7 views

CVE-2025-9501

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

9CVSS8AI score0.19638EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.4 views

PT-2025-46845

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619 B20230130 and NR1800X V9.1.0u.6681 B20230703 Router firmware within the cstecgi.cgi binary sub 42F32C function. The web interface reads the "lang" parameter and constructs Help URL strings using sprintf into...

8.3AI score0.00474EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/13 12:0 a.m.13 views

CVE-2025-60699

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...

0.00767EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.4 views

CVE-2025-11546

CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, EXPRESSCLUSTER X SingleServerSafe for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 allows an attacker sends...

9.3CVSS7.2AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 8:56 p.m.6 views

CVE-2025-12487

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

9.8CVSS7.9AI score0.00857EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 7:59 p.m.9 views

CVE-2022-50589 SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...

9.3CVSS0.00629EPSS
Exploits0References3
NVD
NVD
added 2025/11/05 9:15 a.m.11 views

CVE-2025-55108

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...

10CVSS0.00786EPSS
Exploits0References3
CVE
CVE
added 2025/11/05 9:7 a.m.17 views

CVE-2025-55108

The CVE-2025-55108 entry concerns BMC Control-M/Agent and describes unauthenticated remote code execution, plus arbitrary file read/write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (default configuration). Affected component: Control-M/Agent; root cause cen...

10CVSS7.6AI score0.00786EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/11/01 8:5 p.m.340 views

Exploit for Deserialization of Untrusted Data in Microsoft

WSUS-CVE-2025-59287-RCE CVE-2025-59287 is a critical CVSS...

9.8CVSS10AI score0.99962EPSS
Exploits24
Cvelist
Cvelist
added 2025/10/24 11:4 p.m.36 views

CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution

Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...

7CVSS0.00119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.12 views

Adobe Commerce / Magento Insecure Deserialization (SessionReaper)

Adobe Magento Open Source / Commerce is prone to an unauthenticated Remote Code Execution vulnerability due to insecure deserialization of untrusted data. An attacker can exploit this issue to execute arbitrary code in the context of the web server process. No source data...

9.1CVSS8.3AI score0.96742EPSS
Exploits9References3
EUVD
EUVD
added 2025/10/16 5:55 p.m.5 views

EUVD-2025-34807

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...

5.1CVSS5.8AI score0.00371EPSS
Exploits3References5
Rows per page
Query Builder