Lucene search
K

17 matches found

OSV
OSV
added 2026/05/19 7:22 p.m.7 views

GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

10CVSS6.1AI score0.00147EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

NEC Platforms Aterm Series 安全漏洞

The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from OS command injection, potentially allowing for the execution of arbitrary OS commands...

9.8CVSS6AI score0.00996EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.3 views

KuWFi GC111 安全漏洞

KuWFi GC111 is a WiFi router from KuWFi China. A security vulnerability exists in the KuWFi GC111 that stems from improper handling of unauthenticated requests and could lead to the execution of arbitrary OS commands...

9.8CVSS7.1AI score0.18231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/22 10:15 p.m.15 views

CVE-2024-52034 mySCADA myPRO OS Command Injection

An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...

10CVSS7.6AI score0.01697EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.3 views

PT-2024-27018 · Futurenet · Futurenet Nxr Series

Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series affected versions not specified Description: The issue concerns an active debug code vulnerability. If a user with knowledge of the debug function logs in, they may utilize the debug function to...

8.8CVSS7.7AI score0.00619EPSS
Exploits0References6
CNVD
CNVD
added 2023/07/03 12:0 a.m.14 views

D-Link DIR-823G Command Execution Vulnerability (CNVD-2023-65130)

The D-Link DIR-823G is a wireless router from China's AUO D-Link. A command execution vulnerability exists in the D-Link DIR-823G version 1.02B05, which stems from the application failing to properly filter construct command special characters, commands, etc. An attacker can exploit this...

9.8CVSS7.7AI score0.31396EPSS
Exploits1References1
NVD
NVD
added 2023/04/27 11:15 p.m.10 views

CVE-2023-29150

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands...

8.8CVSS8.7AI score0.00746EPSS
Exploits0References1
Prion
Prion
added 2023/04/27 11:15 p.m.19 views

Design/Logic Flaw

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands...

6.5CVSS8.6AI score0.2457EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/12/23 8:15 p.m.12 views

CVE-2021-43981

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...

10CVSS0.01218EPSS
Exploits0References1
NVD
NVD
added 2018/06/26 6:29 p.m.15 views

CVE-2018-4859

A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...

9CVSS7.1AI score0.03737EPSS
Exploits0References1
NVD
NVD
added 2018/06/26 6:29 p.m.13 views

CVE-2018-4860

A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...

9CVSS7.1AI score0.03737EPSS
Exploits0References1
Prion
Prion
added 2018/06/26 6:29 p.m.16 views

Security feature bypass

A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...

9CVSS7.1AI score0.03737EPSS
Exploits0References1
OSV
OSV
added 2016/11/24 7:59 p.m.3 views

CVE-2016-0325

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...

6.3CVSS6AI score0.00998EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Time and Expense Management System Multiple Vulnerabilities

No description provided by source. ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/05/03 12:0 a.m.23 views

Time and Expense Management System - Multiple Vulnerabilities

------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5 Download................http://sourceforge.net/projects/tems/ Discovery...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/05/03 12:0 a.m.22 views

Time and Expense Management System Multiple Vulnerabilities

Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...

7.1AI score
Exploits0
NVD
NVD
added 2007/01/30 4:28 p.m.11 views

CVE-2007-0565

CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors...

7.5CVSS7AI score0.01359EPSS
Exploits0References4
Rows per page
Query Builder