44987 matches found

CVE
added 2025/12/26 4:20 a.m. | 27 views

CVE-2025-52600

CVE-2025-52600 affects Hanwha Vision cameras; vulnerability in camera video analytics due to improper input validation could allow a remote attacker to execute commands on the host PC. Patch firmware has been released by the manufacturer. Connected Nessus/NVD entries reiterate the same descriptio...

CVSS 7.2 | AI score 6.5 | EPSS 0.00369
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/12/26 12:0 a.m. | 5 views

Hanwha Vision Camera Security Vulnerability

Hanwha Vision Camera is a series of cameras from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision Camera that stems from improper input validation in the camera's video analytics, which could lead to an attacker executing specific commands on the user's host...

CVSS 7.2 | AI score 6.4 | EPSS 0.00369
Exploits 0 | References 2

Positive Technologies
added 2025/12/26 12:0 a.m. | 4 views

PT-2025-53446

Name of the Vulnerable Software and Affected Versions: Camera Video Analytics Software, affected versions not specified. Description: A flaw exists in camera video analytics software related to improper input validation. This could allow an attacker to execute commands on a user’s host PC...

CVSS 5.2 | AI score 6.7 | EPSS 0.00369
Exploits 0 | References 6

OSSF Malicious Packages
added 2025/12/25 7:41 p.m. | 6 views

Malicious code in bettermode-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ade97c888752f20137524d28c5b49359ed4187da5edcecb60ead623f40aba3c The package bettermode-common was found to contain malicious code. Source: ghsa-malware...

AI score 7
Exploits 0 | References 1

NVD
added 2025/12/24 8:15 p.m. | 4 views

CVE-2025-3232

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...

CVSS 8.7 | EPSS 0.00511
Exploits 0 | References 3

Vulnrichment
added 2025/12/24 7:28 p.m. | 2 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

CVSS 8.7 | AI score 7.6 | EPSS 0.0035
Exploits 1 | References 3

Cvelist
added 2025/12/24 7:28 p.m. | 41 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

CVSS 8.7 | EPSS 0.0035
Exploits 1 | References 3

Vulnrichment
added 2025/12/24 7:27 p.m. | 3 views

CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

CVSS 8.8 | AI score 7.8 | EPSS 0.02325
Exploits 2 | References 3

Vulnrichment
added 2025/12/24 7:27 p.m. | 3 views

CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

CVSS 9.8 | AI score 7.3 | EPSS 0.00591
Exploits 1 | References 3

Cvelist
added 2025/12/24 7:27 p.m. | 28 views

CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

CVSS 9.8 | EPSS 0.00591
Exploits 1 | References 3

GithubExploit
added 2025/12/24 3:22 p.m. | 149 views

riello-multiple-vulnerabilities-2025

Riello UPS with NetMan 208 - Vulnerability Disclosure During...

AI score 7.4
Exploits 0

RedhatCVE
added 2025/12/24 12:48 a.m. | 10 views

CVE-2025-25364

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...

CVSS 8.4 | AI score 8.2 | EPSS 0.00838
Exploits 0 | References 1

CNNVD
added 2025/12/24 12:0 a.m. | 4 views

Microhard Systems IPn4G Security Vulnerability

Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0 that originates from a restricted shell that can be escaped via a customized ping command, which could result in the execution of commands with ro...

CVSS 8.8 | AI score 7.1 | EPSS 0.00516
Exploits 2 | References 3

Positive Technologies
added 2025/12/24 12:0 a.m. | 18 views

PT-2025-53343

Name of the Vulnerable Software and Affected Versions: LogicalDOC Enterprise version 7.7.4. Description: The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...

CVSS 8.7 | AI score 7.3 | EPSS 0.0035
Exploits 1 | References 5

CNVD
added 2025/12/24 12:0 a.m. | 5 views

Advantech WebAccess/SCADA SQL Injection Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...

CVSS 8.8 | AI score 6.2 | EPSS 0.0028
Exploits 0 | References 1

Tenable Nessus
added 2025/12/24 12:0 a.m. | 6 views

TencentOS Server 4: edk2 (TSSA-2025:0967)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0967 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.4 | AI score 6.1 | EPSS 0.00704
Exploits 0 | References 3

NVD
added 2025/12/23 10:15 p.m. | 5 views

CVE-2025-66210

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...

CVSS 9.4 | EPSS 0.02701
Exploits 2 | References 4

NVD
added 2025/12/23 4:16 p.m. | 9 views

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

CVSS 10 | EPSS 0.003
Exploits 0 | References 4

GithubExploit
added 2025/12/23 9:54 a.m. | 147 views

Exploit for Code Injection in Laravel Livewire

Livepyre A tool designed to exploit CVE-2025-54068 an...

CVSS 9.8 | AI score 5.8 | EPSS 0.95376
Exploits 5

RedhatCVE
added 2025/12/23 6:29 a.m. | 5 views

CVE-2025-11542

A stack-based buffer overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs...

CVSS 8.4 | AI score 7.6 | EPSS 0.00356
Exploits 0 | References 1