Lucene search
K

44983 matches found

ATTACKERKB
ATTACKERKB
added 2025/12/17 4:47 p.m.5 views

CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

10CVSS6.2AI score0.2906EPSS
In wildExploits2References2Affected Software2
Vulnrichment
Vulnrichment
added 2025/12/17 4:47 p.m.3 views

CVE-2025-20393 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

10CVSS7.2AI score0.2906EPSS
Exploits2References1
CVE
CVE
added 2025/12/17 4:47 p.m.323 views

CVE-2025-20393

CVE-2025-20393 affects Cisco AsyncOS Software on Cisco Secure Email Gateway (SEG) and Cisco Secure Email and Web Manager (SEWM) appliances. The vulnerability stems from improper input validation in the Spam Quarantine feature, allowing unauthenticated remote attackers to execute arbitrary command...

10CVSS7.2AI score0.2906EPSS
In wildExploits2References2Affected Software1
Cvelist
Cvelist
added 2025/12/17 4:47 p.m.33 views

CVE-2025-20393 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

10CVSS0.2906EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/17 12:55 a.m.12 views

CVE-2025-63414

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

10CVSS8.9AI score0.01624EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51960

Name of the Vulnerable Software and Affected Versions TinyWebGallery version 2.5 Description TinyWebGallery version 2.5 contains a remote code execution issue in the admin upload functionality. An unauthenticated attacker can upload malicious PHP files, specifically .phar files, to execute...

9.8CVSS8.4AI score0.00931EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2025/12/17 12:0 a.m.160 views

📄 Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection

Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language EL injection in the /mifs/rs/api/v2/featureusage endpoint...

8.8CVSS8.1AI score0.99589EPSS
Exploits10
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, prior to 24.2.7, and prior to 25.1.5, which originates from a local, unprivileged user being able to manipulate the DriveLock process in a...

8.8CVSS7AI score0.00114EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 12:0 a.m.3 views

CVE-2024-46062

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitra...

7.3AI score0.00172EPSS
Exploits1References2
NVD
NVD
added 2025/12/16 1:15 p.m.7 views

CVE-2025-65074

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version...

8.6CVSS0.0042EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 1:15 p.m.4 views

CVE-2025-65074

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version...

7.2CVSS6.1AI score0.0042EPSS
Exploits0References2
CVE
CVE
added 2025/12/16 12:25 p.m.12 views

CVE-2025-65074

WaveView client/vulnerable component is WaveStore Server interaction. CVE-2025-65074 describes path traversal in the showerr script that lets a high-privileged attacker execute arbitrary OS commands on the server. Affected: WaveView client with WaveStore Server via showerr; impact is remote comma...

8.6CVSS7.2AI score0.0042EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2025/12/16 8:21 a.m.20 views

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in...

10CVSS7.9AI score0.99621EPSS
Exploits443
CNVD
CNVD
added 2025/12/16 12:0 a.m.6 views

Command Injection Vulnerability in FineReport, FineBI, and FineDataLink of SailSoft Software Ltd.

FineReport is a leading enterprise-grade web reporting tool.FineBI is a new generation of self-service BI tools.FineDataLink is a low-code/high-time-efficiency enterprise-grade one-stop data integration and governance platform product. A command injection vulnerability exists in FineReport, FineB...

8.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.7 views

PT-2025-51558

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version...

8.6CVSS7.6AI score0.0042EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/12/16 12:0 a.m.197 views

📄 Control Web Panel 0.9.8.1208 Command Injection

Control Web Panel versions 0.9.8.1208 and below suffer from an issue where user input passed via the key GET parameter to /admin/index.php when the api parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject...

7.8AI score0.01186EPSS
Exploits3
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

Allsky Camera 安全漏洞

Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from path traversal and could lead to arbitrary command execution...

10CVSS7.1AI score0.01624EPSS
Exploits1References4
NVD
NVD
added 2025/12/15 9:15 p.m.10 views

CVE-2023-53872

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

9.3CVSS0.0107EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 8:28 p.m.14 views

CVE-2023-53885

CVE-2023-53885 affects Webutler v3.2 and enables remote code execution via arbitrary file upload. The vulnerability allows authenticated administrators to upload PHP files (e.g., a PHAR containing embedded system commands) through the media browser and subsequently execute commands by accessing t...

8.6CVSS8.4AI score0.00794EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.4 views

CVE-2023-53881 ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

9.2CVSS7.1AI score0.00263EPSS
Exploits1References3
Rows per page
Query Builder