Lucene search
K

397 matches found

Vulnrichment
Vulnrichment
added 2025/12/03 12:0 a.m.3 views

CVE-2025-57198

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

8AI score0.02494EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/03 12:0 a.m.18 views

CVE-2025-57200

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

0.02126EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/12/03 12:0 a.m.16 views

CVE-2025-57198

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

0.02494EPSS
Exploits1References1
CVE
CVE
added 2025/12/03 12:0 a.m.13 views

CVE-2025-57200

The CVE-2025-57200 issue concerns AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003. Affected component: test_mail function, where an authenticated command injection flaw exists. Under the documented vector, an attacker with authenticated access can craft input to execute arbitrary ...

6.5CVSS8AI score0.02126EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.6 views

PT-2025-48819

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection flaw in the NetFailDetectD binary. This allows attackers to execute arbitrary commands via a crafted input...

8.8CVSS7.6AI score0.02957EPSS
Exploits2References9
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.4 views

AVTech DGM1104 安全漏洞

AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which originates from an authenticated command injection in the testmail function and could lead to the execution of...

6.5CVSS7.3AI score0.02126EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/03 12:0 a.m.3 views

CVE-2025-57200

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

8AI score0.02126EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/12/03 12:0 a.m.3 views

CVE-2025-57199

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

8AI score0.02957EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.7 views

PT-2025-48818

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection issue in the /Machine.cgi API endpoint. Attackers can execute arbitrary commands by providing a crafted input...

8.8CVSS7.6AI score0.02494EPSS
Exploits1References9
CVE
CVE
added 2025/12/03 12:0 a.m.17 views

CVE-2025-57201

CVE-2025-57201 affects AVTECH SECURITY DGM1104 FullImg-1015-1004-1006-1003. The issue is an authenticated command-injection vulnerability in the SMB server function that allows an attacker to execute arbitrary commands via a crafted input. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with...

8.8CVSS8AI score0.15359EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.12 views

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

8CVSS8.3AI score0.07205EPSS
Exploits1References1
OSV
OSV
added 2025/11/26 9:15 p.m.5 views

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

8CVSS6.2AI score0.07205EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2025/11/21 8:52 p.m.15 views

Metasploit Wrap-Up 11/21/2025

CVE-2025-64446 - Fortinet’s FortiWeb exploitation A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall, now assigned CVE-2025-64446 CVSS 9.1, allows unauthenticated attackers to gain full administrator access to the FortiWeb Manager interface and its websocket CLI. The flaw...

9.8CVSS8.2AI score0.89177EPSS
Exploits20
Vulnrichment
Vulnrichment
added 2025/11/19 4:23 p.m.3 views

CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

8.7CVSS7AI score0.03188EPSS
Exploits2References4
CVE
CVE
added 2025/11/18 7:23 p.m.20 views

CVE-2025-37162

CVE-2025-37162 describes an authenticated command injection vulnerability in the command line interface of affected devices. Successful exploitation could allow execution of arbitrary OS commands by an attacker with valid credentials and network access; impact is system compromise of the underlyi...

8.8CVSS7.6AI score0.00824EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/18 7:6 p.m.20 views

CVE-2025-37163

CVE-2025-37163 describes an authenticated command-injection vulnerability in the HPE Aruba Networking Airwave Platform CLI. An authenticated attacker could run arbitrary OS commands with elevated privileges on the underlying system. Affected component: AirWave CLI; impact is privilege escalation ...

7.2CVSS7.7AI score0.00917EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/18 6:51 p.m.14 views

CVE-2025-37158

CVE-2025-37158 describes a command injection vulnerability in the AOS-CX Operating System . The public records indicate an authenticated remote attacker could achieve Remote Code Execution (RCE) on the affected system. The available documents do not provide concrete details on affected versions, ...

8.8CVSS7.5AI score0.0061EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/18 6:51 p.m.11 views

CVE-2025-37158 Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution RCE on the affected system...

6.7CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 6:48 p.m.13 views

CVE-2025-37157 Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution RCE on the affected system...

6.7CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/17 5:48 p.m.9 views

CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...

8.6CVSS0.04701EPSS
Exploits0References4
Rows per page
Query Builder