Lucene search
+L

509 matches found

NVD
NVD
added 2026/03/11 4:17 a.m.5 views

CVE-2026-23815

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands...

7.2CVSS0.00938EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24570

Name of the Vulnerable Software and Affected Versions AOS-CX Switches affected versions not specified Description A flaw exists in a custom binary within the AOS-CX Switches' Command Line Interface CLI. A remotely authenticated attacker with high privileges can exploit this issue to inject...

7.2CVSS5.9AI score0.00938EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

HPE AOS-CX 安全漏洞

HPE AOS-CX is a network operating system developed by Hewlett-Packard Enterprise HPE for data centers, campuses, and edge locations. It is designed to provide flexible and innovative network services while enhancing network performance. HPE AOS-CX contains a security vulnerability, which stems fr...

7.2CVSS5.9AI score0.00938EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 6:18 p.m.4 views

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

7.2CVSS0.0176EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/09 7:54 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run process. An attacker can cause unauthorized commands to be persisted as trusted entries by submitting a shell command with an unquoted character,...

5CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 9:3 p.m.21 views

CVE-2026-30225 OliveTin: RestartAction always runs actions as guest

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

5.3CVSS0.00414EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/06 9:3 p.m.2 views

CVE-2026-30225 OliveTin: RestartAction always runs actions as guest

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...

5.3CVSS6AI score0.00414EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/06 12:31 a.m.7 views

EUVD-2026-9939

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00889EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 11:18 p.m.3 views

CVE-2026-22552

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS6AI score0.00889EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is a tool for executing restricted commands that supports controlling command execution through a whitelisting mechanism. A command injection vulnerability exists in OpenClaw. An attacker could use this vulnerability to execute unauthorized commands bypassing command restrictions...

9.8CVSS6AI score0.00499EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/02 10:40 p.m.6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the approval-enabled host=node workflows. An attacker can bypass intended approval integrity by reusing a previously approved request with altered environment...

6.5CVSS6.1AI score0.00191EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/02 10:15 p.m.6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run command resolution. An attacker can execute unauthorized commands on a trusted Windows node by submitting a benign command for approval and then...

8.8CVSS6AI score0.00406EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 3:30 a.m.9 views

EUVD-2026-8963

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.5AI score0.00518EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 12:20 a.m.26 views

CVE-2026-27028 Mobility46 mobility46.se Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS0.00518EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 12:9 a.m.17 views

CVE-2026-27772

CVE-2026-27772 concerns WebSocket endpoints used by OCPP in EV Energy ev.energy deployments. The authenticated requirement is missing: an unauthenticated attacker can connect to the OCPP WebSocket endpoint with a known or discovered charging-station identifier and issue or receive OCPP commands a...

9.8CVSS5.5AI score0.00531EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22231

Name of the Vulnerable Software and Affected Versions Systems utilizing WebSocket endpoints for Open Charge Point Protocol OCPP communication affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations...

9.8CVSS6AI score0.00518EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.12 views

PT-2026-22232

Name of the Vulnerable Software and Affected Versions EV2GO affected versions not specified Description The software’s WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations without authorization and manipulate data transmitted to the backen...

9.8CVSS6AI score0.00557EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/02/25 10:17 p.m.7 views

CVE-2025-33179

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...

8.8CVSS5.5AI score0.0051EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 8:27 p.m.5 views

CVE-2025-33179

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...

8.8CVSS5.8AI score0.0051EPSS
Exploits0References3
NVD
NVD
added 2026/02/24 8:27 p.m.11 views

CVE-2025-33179

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...

8.8CVSS0.0051EPSS
Exploits0References3
Rows per page
Query Builder