Lucene search
+L

183 matches found

Cvelist
Cvelist
added 2022/04/25 2:13 p.m.44 views

CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

9.9AI score0.32808EPSS
Exploits7References3
OSV
OSV
added 2022/04/25 2:13 p.m.39 views

CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

9.8CVSS7.2AI score0.32808EPSS
Exploits7References5
Cvelist
Cvelist
added 2022/03/31 7:20 a.m.30 views

CVE-2022-22986

Netcommunity OG410X and OG810X series Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file...

8.9AI score0.00709EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/02/15 4:10 p.m.31 views

CVE-2022-25174

Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...

8.9AI score0.01443EPSS
Exploits0References1
Prion
Prion
added 2022/02/08 11:15 a.m.18 views

Design/Logic Flaw

Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...

8.3CVSS8.7AI score0.00447EPSS
Exploits0References2Affected Software8
Prion
Prion
added 2022/02/08 11:15 a.m.15 views

Cross site scripting

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...

6.8CVSS8.6AI score0.03174EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/08 10:30 a.m.57 views

CVE-2022-21241

CSV+ prior to 0.8.1 is vulnerable to cross-site scripting: a remote unauthenticated attacker can inject arbitrary script or OS commands via a specially crafted CSV containing an HTML tag. Affected versions are CSV+ before 0.8.1; remediation is to update to v0.8.1 or later. CVSS details in source...

9.6CVSS8.6AI score0.03174EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/08 10:30 a.m.28 views

CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...

8.9AI score0.03174EPSS
Exploits0References2
OSV
OSV
added 2022/02/08 10:30 a.m.21 views

CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...

9.6CVSS6.8AI score0.03174EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/02/08 10:30 a.m.35 views

CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...

8.9AI score0.00447EPSS
Exploits0References2
NVD
NVD
added 2021/12/01 3:15 a.m.15 views

CVE-2021-20863

OS command injection vulnerability in ELECOM routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior,...

8CVSS0.00862EPSS
Exploits0References2
NVD
NVD
added 2021/12/01 3:15 a.m.17 views

CVE-2021-20852

Buffer overflow vulnerability in ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors...

6.8CVSS0.00454EPSS
Exploits0References2
Prion
Prion
added 2021/12/01 3:15 a.m.15 views

Buffer overflow

Buffer overflow vulnerability in ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors...

5.2CVSS7.4AI score0.00454EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/12/01 2:15 a.m.16 views

CVE-2021-20852

Buffer overflow vulnerability in ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors...

7.6AI score0.00454EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/11/24 8:25 a.m.12 views

CVE-2021-20850

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series End-of-Life, EOL allows a remote attacker to execute an arbitrary OS command via unspecified vectors...

9.8AI score0.01486EPSS
Exploits0References2
OSV
OSV
added 2021/08/16 8:15 a.m.13 views

CVE-2021-23422

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

7.8CVSS7.8AI score
Exploits0References2
Prion
Prion
added 2021/08/16 8:15 a.m.12 views

Design/Logic Flaw

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

6.8CVSS7.8AI score0.00789EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/08/16 8:15 a.m.348 views

CVE-2021-23422

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

7.8CVSS7.2AI score0.00789EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/08/16 8:0 a.m.14 views

CVE-2021-23422 Arbitrary Code Injection

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

7.8CVSS8AI score0.00789EPSS
Exploits0References2
CVE
CVE
added 2021/08/05 8:3 p.m.116 views

CVE-2021-21805

CVE-2021-21805 affects Advantech R-SeeNet v2.4.12. The ping.php script is vulnerable to remote OS command injection via specially crafted HTTP requests, enabling arbitrary commands execution without credentials. The Nuclei template and Red Hat/other feeds corroborate remote execution risk; report...

10CVSS9.7AI score0.69631EPSS
In wildExploits1References1Affected Software1
Rows per page
Query Builder