Lucene search
+L

509 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:26 p.m.9 views

CVE-2021-26116

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

8.8CVSS7.3AI score0.00598EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:12 p.m.7 views

CVE-2020-8539

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...

7.8CVSS7AI score0.02257EPSS
Exploits2References1
Snyk
Snyk
added 2025/05/14 12:31 p.m.2 views

Improper Handling of Insufficient Permissions or Privileges

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the Dispatch function in the worker.go file. An attacker can escalate privileges and modify sensitive system data by sending unauthorized commands to manipulate the package...

8.5CVSS7.3AI score0.00158EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.14 views

Security Updates for Microsoft Excel Products (May 2025)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...

7.8CVSS8.5AI score0.00585EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.10 views

Security Updates for Microsoft Office Online Server (May 2025)

The Microsoft Office Online Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

7.8CVSS9.2AI score0.00585EPSS
Exploits0References8
CVE
CVE
added 2025/04/15 8:44 a.m.65 views

CVE-2025-3579

Aidex CVE-2025-3579 affects versions prior to 1.7. The issue is a prompt-injection vulnerability in the /api//message endpoint where the content parameter can be manipulated by an authenticated user with access to an open registry, enabling execution of OS commands (Unix), interaction with intern...

9.3CVSS7.2AI score0.00609EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/08 12:0 a.m.24 views

Security Updates for Microsoft Excel Products (April 2025)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...

7.8CVSS8.1AI score0.0211EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2025/04/08 12:0 a.m.15 views

Security Updates for Microsoft Access Products (April 2025)

The Microsoft Access Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relie...

7.8CVSS8.3AI score0.00761EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/03/24 12:0 a.m.3448 views

Fail2Ban 0.11.2 Privilege Escalation / Command Execution

If a user can execute fail2ban-client with sudo, they can achieve local privilege escalation and command injection via user-modified actions. Author: Raed Ahsan Date: 24/03/2025 Fail2Ban-client privilege-escalation """ Fail2Ban Automated Exploit Script - CVE Candidate...

8.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/15 6:16 a.m.8 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS7.2AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/13 12:0 a.m.9 views

PT-2025-11187

Name of the Vulnerable Software and Affected Versions: Fortinet FortiDDoS-F versions 7.0.0 through 7.02 Fortinet FortiDDoS-F versions prior to 6.6.3 Description: The software contains an improper neutralization of special elements used in an OS command, which may allow a privileged attacker to...

6.7CVSS6.8AI score0.00479EPSS
Exploits0References8
CVE
CVE
added 2025/03/12 3:33 p.m.59 views

CVE-2025-1960

CVE-2025-1960 affects Schneider Electric WebHMI (EcoStruxure Power Automation System User Interface) used in EMO-L/EPAS deployments. The root cause is CWE-1188: Initialization of a Resource with an Insecure Default, where insecure default values during resource initialization could allow an attac...

9.8CVSS9.7AI score0.00497EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.4 views

Schneider Electric WebHMI 安全漏洞

Schneider Electric WebHMI is a human-machine interface software from Schneider Electric France. A security vulnerability exists in WebHMI v4.1.0.0 and earlier versions that originates from the use of insecure default values during resource initialization, which could allow an attacker to execute...

9.8CVSS6.8AI score0.00497EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/11 3:15 p.m.2 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS5.6AI score0.00313EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/03/11 3:15 p.m.3 views

CVE-2024-52961

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...

8.8CVSS5.9AI score0.00506EPSS
Exploits0References1
NVD
NVD
added 2025/03/11 3:15 p.m.7 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS0.00313EPSS
Exploits0References1
OSV
OSV
added 2025/03/11 3:15 p.m.5 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS5.9AI score0.00313EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 2:54 p.m.9 views

CVE-2024-33501

Two improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7...

4.2CVSS5.4AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 2:54 p.m.5 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

4.3CVSS5AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/11 2:54 p.m.10 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

4.3CVSS0.00313EPSS
Exploits0References1
Rows per page
Query Builder