CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

RedhatCVE•added 2026/06/05 6:49 p.m.•7 views

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

6.3CVSS6AI score0.01143EPSS

Exploits2References1

Cvelist•added 2026/06/04 12:0 a.m.•35 views

CVE-2026-35906

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

0.00466EPSS

Exploits1References4

CVE•added 2026/05/27 12:18 p.m.•15 views

CVE-2026-45962

The CVE affects the Linux kernel ublk driver, where ublk_ctrl_cmd_dump() could access (header *)sqe->cmd before checking IO_URING_F_SQE128, enabling out-of-bounds memory access. The mitigation is to check the SQE128 flag earlier in ublk_ctrl_uring_cmd() and return -EINVAL if not set. Several s...

5.5CVSS5.8AI score0.00156EPSS

Exploits0References6Affected Software1

Debian CVE•added 2026/05/27 12:18 p.m.•9 views

CVE-2026-45962

In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...

5.5CVSS5.7AI score0.00156EPSS

Exploits0

NVD•added 2026/05/19 6:16 p.m.•20 views

CVE-2026-8603

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

9.8CVSS0.01317EPSS

Exploits0References1

Vulnrichment•added 2026/05/13 5:59 p.m.•6 views

CVE-2026-0261 PAN-OS: Authenticated Admin Command Injection Vulnerability

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

8.6CVSS5.9AI score0.01336EPSS

Exploits0References1

EUVD•added 2026/04/21 2:53 p.m.•4 views

EUVD-2026-23964

Spinnaker: RCE via expression parsing due to unrestricted context handling...

9.9CVSS5.7AI score0.00553EPSS

Exploits0References6

ATTACKERKB•added 2026/03/29 12:44 p.m.•1 views

CVE-2026-32914

OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted ...

8.8CVSS5.9AI score0.00251EPSS

Exploits0References3

NCSC•added 2026/03/12 2:44 p.m.•30 views

Vulnerabilities fixed in Cisco IOS XR

Cisco has fixed vulnerabilities in Cisco IOS XR Software. The vulnerabilities are in the command-line interface CLI of Cisco IOS XR, which allows authenticated local attackers to execute arbitrary root-level commands or obtain full administrative privileges. In addition, there is a problem with t...

8.8CVSS6.1AI score0.00318EPSS

Exploits0References3

RedhatCVE•added 2026/03/05 7:31 p.m.•5 views

CVE-2026-20063

A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...

6CVSS6.2AI score0.00188EPSS

Exploits0References1

CVE•added 2026/03/04 6:34 p.m.•20 views

CVE-2026-20016

Cisco FXOS Software CLI contains an input-validation flaw that can allow an authenticated, local attacker with admin credentials to execute arbitrary commands on the underlying OS with root privileges. Root cause: insufficient validation of user-supplied CLI arguments in the Cisco Secure Firewall...

6.7CVSS6.2AI score0.00334EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/04 6:31 p.m.•5 views

EUVD-2026-9455

6CVSS6.2AI score0.00172EPSS

Exploits0References2

OSV•added 2026/01/08 4:15 p.m.•4 views

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

8.1CVSS6.1AI score0.01426EPSS

Exploits1References2

Cvelist•added 2025/11/26 12:0 a.m.•7 views

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

0.06877EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-19679

Malware in sbrugna...

5.5CVSS5.6AI score0.00216EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-5688

Malware in sbrugna...

7.5CVSS7.5AI score0.01791EPSS

Exploits0References4