Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Palo Alto Networks
Palo Alto Networksadded 2025/04/09 4:0 p.m.24 views

PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...

7.1CVSS7.3AI score0.00021EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/01/16 3:56 p.m.11 views

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

7.9AI score0.0056EPSS
Exploits2References1
Vulnrichment
Vulnrichmentadded 2023/02/02 1:33 p.m.4 views

CVE-2023-0649 dst-admin sendBroadcast command injection

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

6.5CVSS7.9AI score0.06259EPSS
Exploits1References3
NVD
NVDadded 2022/07/17 11:15 p.m.11 views

CVE-2022-26482

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin...

7.2CVSS0.23625EPSS
Exploits3References3
OSV
OSVadded 2020/12/27 6:15 a.m.0 views

CVE-2020-29299

Certain Zyxel products allow command injection by an admin via an input string to chgexppwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before...

7.2CVSS7.1AI score
Exploits0References2
OSV
OSVadded 2019/07/02 9:15 p.m.1 views

CVE-2019-6620

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user...

7.2CVSS5.8AI score0.02522EPSS
Exploits0References1
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.12 views

NetWin SurgeFTP Authenticated Admin Command Injection

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in t...

7.1AI score
Exploits0
exploitpack
exploitpackadded 2012/12/20 12:0 a.m.14 views

NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)

NetWin SurgeFTP - Authenticated Admin Command Injection Metasploit require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer...

0.5AI score
Exploits0
Rows per page
Query Builder