CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

136 matches found

EUVD•added 2026/01/29 2:28 p.m.•4 views

EUVD-2020-30904

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS6.7AI score0.00521EPSS

Exploits0References3

Positive Technologies•added 2026/01/29 12:0 a.m.•5 views

PT-2026-5284

8.8CVSS6.7AI score0.00521EPSS

Exploits0References4

RedhatCVE•added 2026/01/24 3:17 a.m.•6 views

CVE-2026-0785

ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

8.8CVSS6.5AI score0.01256EPSS

Exploits0References1

NVD•added 2026/01/21 6:16 p.m.•4 views

CVE-2021-47770

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network...

8.8CVSS0.00634EPSS

Exploits0References4

Positive Technologies•added 2026/01/21 12:0 a.m.•7 views

PT-2026-3795

Name of the Vulnerable Software and Affected Versions OpenPLC version 3 Description The software contains an authenticated remote code execution issue. An attacker with valid credentials can inject malicious code through the hardware configuration interface. This allows for the upload of a custom...

8.8CVSS6.5AI score0.00634EPSS

Exploits0References6

CVE•added 2026/01/13 10:52 p.m.•9 views

CVE-2022-50934

CVE-2022-50934 entry rejected; CNA withdrew; not a security issue.

8.1AI score0.00204EPSS

Exploits0

RedhatCVE•added 2026/01/09 10:54 a.m.•4 views

CVE-2022-23375

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php...

8.8CVSS7.8AI score0.19872EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:47 a.m.•4 views

CVE-2022-31700

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2...

7.2CVSS7.7AI score0.01082EPSS

Exploits1References1

CVE•added 2026/01/09 10:0 a.m.•13 views

CVE-2025-64091

The connected sources identify CVE-2025-64091 as affecting Zenitel ICX500 and ICX510 platforms. The vulnerability enables an authenticated attacker to execute commands via the device’s NTP configuration, described as a command-injection issue in the NTP configuration path. Reported by multiple fe...

8.8CVSS6.8AI score0.00319EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/09 9:59 a.m.•26 views

CVE-2025-64090 Authenticated Remote Code Execution in device hostname

This vulnerability allows authenticated attackers to execute commands via the hostname of the device...

10CVSS0.00361EPSS

Exploits0References1

GithubExploit•added 2026/01/08 1:15 p.m.•210 views

Exploit for CVE-2026-21877

🚨 CVE-2026-21877 — Critical RCE Vulnerability !1767801640416...

9.9CVSS9AI score0.05258EPSS

Exploits1

RedhatCVE•added 2026/01/01 7:28 p.m.•17 views

CVE-2021-47747

meterN 1.2.3 contains an authenticated remote code execution vulnerability in adminmeter2.php and adminindicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...

8.8CVSS8.6AI score0.0061EPSS

Exploits1References1

GithubExploit•added 2025/12/24 10:4 a.m.•168 views

Exploit for CVE-2025-68613

🚀 n8n Authenticated RCE PoC Pocsuite3 CVE ID: CVE-202...

9.9CVSS8.2AI score0.98011EPSS

Exploits29

EUVD•added 2025/12/12 12:30 a.m.•5 views

EUVD-2024-55337

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

8.7CVSS8.4AI score0.03118EPSS

Exploits1References5

Rapid7 Blog•added 2025/11/07 7:46 p.m.•8 views

Metasploit Wrap-Up 11/07/2025

New module content 3 Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y [email protected] Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...

7.2CVSS8.1AI score0.13843EPSS

Exploits2

Vulnrichment•added 2025/10/14 4:42 p.m.•2 views

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS7.4AI score0.00811EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-9451

Malware in sbrugna...

7.2CVSS7AI score0.02848EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-20425

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01883EPSS

Exploits3References4