
1444 matches found

Veracode
added 2025/12/13 5:31 a.m. | 6 views

SQL Injection

Admidio is vulnerable to SQL Injection. The vulnerability is due to improper handling of user input in member assignment data retrieval functionality, which allows an attacker to execute arbitrary SQL commands and manipulate database data...

7.2 CVSS | 6.1 AI score | 0.00395 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/12/11 12:00 a.m. | 4 views

CVE-2025-56084

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

7.5 AI score | 0.0185 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/11 12:00 a.m. | 3 views

CVE-2025-56123

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

7.5 AI score | 0.02308 EPSS
Exploits: 1 | References: 3
Hewlett-Packard
added 2025/12/09 12:00 a.m. | 11 views

HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0. Update to the latest version of HP System Even...

8.8 CVSS | 5.9 AI score | 0.0034 EPSS
Exploits: 0
OSV
added 2025/12/03 5:02 p.m. | 7 views

CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states

GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...

7.9 CVSS | 7.7 AI score | 0.00117 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/11/20 3:30 p.m. | 5 views

EUVD-2025-198265

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5 CVSS | 7.9 AI score | 0.0025 EPSS
Exploits: 0 | References: 4
Cvelist
added 2025/11/18 10:18 a.m. | 9 views

CVE-2025-41734 Unauthenticated Local File Inclusion in php module

An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices...

9.8 CVSS | 0.00458 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2025/11/17 5:38 p.m. | 12 views

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Summary: The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...

7.5 CVSS | 8.6 AI score | 0.03026 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2025/11/13 12:00 a.m. | 4 views

D-Link DIR-882 Security Vulnerability

The D-Link DIR-882 is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-882 DIR882A1FW102B02 version, which originates from a command injection in the prog.cgi and rc binaries, which could lead to the execution of arbitrary commands...

6.5 CVSS | 7.5 AI score | 0.0279 EPSS
Exploits: 1 | References: 5
CNNVD
added 2025/11/11 12:00 a.m. | 5 views

SAP Business Connector OS Command Injection Vulnerability

SAP Business Connector is a middleware from SAP, Germany. SAP Business Connector suffers from an operating system command injection vulnerability that stems from OS command injection and could lead to the execution of arbitrary operating system commands...

6.8 CVSS | 7.4 AI score | 0.00832 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/11 12:00 a.m. | 3 views

PT-2025-46548

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.5 and earlier. Description: A Use After Free issue exists in Substance3D - Stager. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User interaction is...

7.8 CVSS | 7.3 AI score | 0.00175 EPSS
Exploits: 0 | References: 3
CVE
added 2025/11/06 3:53 p.m. | 18 views

CVE-2025-47588

CVE-2025-47588 affects the WordPress plugin Dynamic Pricing With Discount Rules for WooCommerce (aco-woo-dynamic-pricing) up to version 4.5.9. Description and connected sources indicate an Improper Control of Generation of Code leading to Code Injection and Arbitrary Code Execution. CVSSv3.1 base...

9.1 CVSS | 6.6 AI score | 0.00393 EPSS
Exploits: 0 | References: 1
OSV
added 2025/10/30 10:15 p.m. | 8 views

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

8.8 CVSS | 6 AI score | 0.04188 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/10/30 9:37 p.m. | 11 views

CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

9.4 CVSS | 0.04188 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/10/13 12:00 a.m. | 5 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, which stems from a SQL injection vulnerability in the iddependente parameter in the /html/funcionario/dependentedocumento.php endpoin...

9.4 CVSS | 7.8 AI score | 0.00821 EPSS
Exploits: 3 | References: 5
CNNVD
added 2025/10/10 12:00 a.m. | 4 views

Cherry Studio Code Injection Vulnerability

Cherry Studio is a multi-model AI assistant from China's Thousand Comets Cherry Studio. A code injection vulnerability exists in Cherry Studio, which stems from the direct execution of commands in base64-encoded configuration data when processing URLs of type cherrystudio://mcp, which could lead ...

9.6 CVSS | 7.7 AI score | 0.0043 EPSS
Exploits: 1 | References: 1
CNNVD
added 2025/10/09 12:00 a.m. | 4 views

D-Link DIR-816A2 Security Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816A2 FWv1.10CNB05 version, which originates from the statuscheckpppoeuser parameter in the dirsetWanWifi function that fails to correctly validate the length and size of the input...

7.5 CVSS | 8 AI score | 0.05336 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2025/10/08 2:13 p.m. | 4 views

CVE-2025-54404

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is related ...

8.8 CVSS | 7.9 AI score | 0.03686 EPSS
Exploits: 1 | References: 1
OSV
added 2025/10/07 8:15 p.m. | 3 views

CVE-2025-36565

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Argument Delimiters in a...

6.7 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/07 1:55 p.m. | 1 view

CVE-2025-54403

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is related ...

8.8 CVSS | 7.5 AI score | 0.03686 EPSS
Exploits: 1 | References: 1