CVE-2025-25053
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product...
CVE-2025-27797
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product...
CVE-2025-25053
CVE-2025-25053 describes an OS command injection in the WEB UI (settings page) of Inaba Denki Sangyo Wi‑Fi AP UNIT AC-WPS-11ac series. A remote attacker who can log in may execute arbitrary OS commands due to this input handling flaw. Affected are pre‑patch firmware versions; vendor‑provided fixe...
CVE-2025-27082
Arbitrary file write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...
CVE-2025-2244 Insecure PHP deserialization issue in GravityZone Console (VA-12634)
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses PHP unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...
CVE-2025-26056
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands ...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from bandstr not correctly filtering special characters, commands, etc. when constructing commands. An attacker can exploit this vulnerability to...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06617)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06618)
Dell Unity is a set of virtual Unity storage environments from Dell USA. Dell Unity suffers from an OS command injection vulnerability that can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06613)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
PT-2025-18661 · Totolink · Totolink Ca600-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820. Description: A command injection issue was discovered in the CloudSrvUserdataVersionCheck function via the svn parameter. This issue allows attackers to execute arbitrary commands through a...
A vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to upload arbitrary files, escalate their privileges, and execute arbitrary commands.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to upload arbitrary files, escalate their privileges, and execute arbitrary commands...
CVE-2024-36465 SQL injection in Zabbix API
A low-privilege regular Zabbix user with API access can use an SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...
CVE-2025-22939
A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06619)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06622)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
A vulnerability in the ADI web interface of the Verve Asset Manager software allows an attacker to execute arbitrary commands within the context of the Agentless Device Inventory.
The vulnerability in the ADI web interface of the Verve Asset Manager software solution is related to a failure to neutralize certain special elements. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary commands within the...