Lucene search

459 matches found

EUVD
added 2026/03/03 12:0 a.m., 3 views

EUVD-2025-208246

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

CVSS 7.2, AI score 6.8, EPSS 0.00053
Exploits: 2, References: 3
ATTACKERKB
added 2026/03/03 12:0 a.m., 1 view

CVE-2025-63911

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...

CVSS 7.2, AI score 5.9, EPSS 0.0023
Exploits: 2, References: 3
ATTACKERKB
added 2026/03/03 12:0 a.m., 3 views

CVE-2024-55022

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...

AI score 5.9, EPSS 0.00352
Exploits: 0, References: 3
Positive Technologies
added 2026/03/03 12:0 a.m., 0 views

PT-2026-22770

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...

CVSS 7.2, AI score 5.9, EPSS 0.0023
Exploits: 2, References: 3
Cvelist
added 2026/03/03 12:0 a.m., 16 views

CVE-2025-63911

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...

CVSS 7.2, EPSS 0.0023
Exploits: 2, References: 2
Vulnrichment
added 2026/03/03 12:0 a.m., 2 views

CVE-2025-63911

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...

CVSS 7.2, AI score 5.9, EPSS 0.0023
Exploits: 2, References: 2
EUVD
added 2026/03/03 12:0 a.m., 1 view

EUVD-2025-208243

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability...

CVSS 7.2, AI score 5.9, EPSS 0.0023
Exploits: 2, References: 2
EUVD
added 2026/03/03 12:0 a.m., 4 views

EUVD-2024-55461

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...

AI score 5.9, EPSS 0.00352
Exploits: 0, References: 2
CNNVD
added 2026/03/03 12:0 a.m., 2 views

Cohesity TranZman security vulnerability

Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability, which stems from an authenticated command injection attack...

CVSS 7.2, AI score 5.8, EPSS 0.0023
Exploits: 2, References: 2
Positive Technologies
added 2026/03/03 12:0 a.m., 3 views

PT-2026-22779

Name of the Vulnerable Software and Affected Versions: Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011. Description: The software contains an authenticated command injection issue. The issue is triggered via the HMI Name parameter. An attacker with valid credentials can inject...

AI score 5.9, EPSS 0.00352
Exploits: 0, References: 5
NVD
added 2026/02/27 2:16 a.m., 3 views

CVE-2026-23702

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

CVSS 8.8, EPSS 0.00043
Exploits: 0, References: 3
Positive Technologies
added 2026/02/27 12:0 a.m., 4 views

PT-2026-22273

Name of the Vulnerable Software and Affected Versions: XWEB Pro versions prior to 1.12.1. Description: A flaw exists that allows a logged-in attacker to execute code on the system. This is possible by submitting crafted input into the username field of the import preconfiguration action via the API ...

CVSS 8.8, AI score 6.1, EPSS 0.00043
Exploits: 0, References: 9
RedhatCVE
added 2026/01/31 3:21 p.m., 3 views

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2, AI score 6.1, EPSS 0.00021
Exploits: 1, References: 1
NVD
added 2026/01/30 11:15 a.m., 7 views

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2, EPSS 0.00021
Exploits: 1, References: 1
ATTACKERKB
added 2026/01/30 11:2 a.m., 2 views

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVSS 7.2, AI score 6.1, EPSS 0.00035
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/01/30 11:1 a.m., 25 views

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2, EPSS 0.00021
Exploits: 1, References: 1
CVE
added 2026/01/30 11:1 a.m., 29 views

CVE-2026-0709

CVE-2026-0709 affects Hikvision Wireless Access Points. The vulnerability is an authenticated command‑execution flaw caused by insufficient input validation, allowing attackers with valid credentials to send crafted packets that execute arbitrary commands on affected devices. The CVSS metrics ind...

CVSS 7.2, AI score 6.1, EPSS 0.00021
Exploits: 1, References: 1
Positive Technologies
added 2026/01/30 12:0 a.m., 4 views

PT-2026-5390

Name of the Vulnerable Software and Affected Versions: Hikvision Wireless Access Points, affected versions not specified. Description: Hikvision Wireless Access Points are susceptible to authenticated command execution because of inadequate input validation. An attacker possessing valid credentials c...

CVSS 7.2, AI score 6, EPSS 0.00021
Exploits: 1, References: 8
RedhatCVE
added 2026/01/14 8:22 p.m., 3 views

CVE-2025-37170

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVSS 7.2, AI score 7.9, EPSS 0.00104
Exploits: 0, References: 1
RedHat Linux
added 2026/01/14 3:23 p.m., 2 views

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

CVSS 6.5, AI score 5.8, EPSS 0.00204
Exploits: 0, References: 4