Lucene search

44987 matches found

CNNVD
added 2025/12/16 12:0 a.m., 5 views

Allsky Camera security vulnerability

Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from path traversal and could lead to arbitrary command execution...

10 CVSS, 7.1 AI score, 0.01624 EPSS
Exploits 1, References 4
NVD
added 2025/12/15 9:15 p.m., 10 views

CVE-2023-53872

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

9.3 CVSS, 0.0107 EPSS
Exploits 0, References 3
CVE
added 2025/12/15 8:28 p.m., 14 views

CVE-2023-53885

CVE-2023-53885 affects Webutler v3.2 and enables remote code execution via arbitrary file upload. The vulnerability allows authenticated administrators to upload PHP files (e.g., a PHAR containing embedded system commands) through the media browser and subsequently execute commands by accessing t...

8.6 CVSS, 8.4 AI score, 0.00794 EPSS
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2025/12/15 8:28 p.m., 4 views

CVE-2023-53881 ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by...

9.2 CVSS, 7.1 AI score, 0.00263 EPSS
Exploits 1, References 3
CVE
added 2025/12/15 8:28 p.m., 10 views

CVE-2023-53872

Wp2Fac 1.0 has an OS command injection vulnerability in the send.php endpoint. The vulnerability allows remote attackers to execute arbitrary system commands by injecting shell commands through the numara parameter (using & to chain commands). Impact is described as high for confidentiality, inte...

9.3 CVSS, 8 AI score, 0.0107 EPSS
Exploits 0, References 3
Cvelist
added 2025/12/15 8:28 p.m., 15 views

CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

9.3 CVSS, 0.0107 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/12/15 8:28 p.m., 3 views

CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

9.3 CVSS, 8 AI score, 0.0107 EPSS
Exploits 0, References 3
Packet Storm
added 2025/12/15 12:0 a.m., 165 views

Docker Compose 2.40.3 Command Execution

Docker Compose version 2.40.3 proof of concept provider type PHP command execution exploit. Title: Docker Compose v 2.40.3 Provider Type PHP Command...

7.4 AI score
Exploits 0
Positive Technologies
added 2025/12/15 12:0 a.m., 6 views

PT-2025-51306

Name of the Vulnerable Software and Affected Versions: Zomplog version 3.9. Description: An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system...

8.8 CVSS, 7.1 AI score, 0.00824 EPSS
Exploits 1, References 6
CNNVD
added 2025/12/15 12:0 a.m., 3 views

wp2fac operating system command injection vulnerability

wp2fac is a CAPTCHA sending module by the individual developer Metin Yeşil. An operating system command injection vulnerability exists in version 1.0 of wp2fac, which stems from the presence of an OS command injection in the send.php endpoint, which could lead to the execution of arbitrary system...

9.3 CVSS, 7.6 AI score, 0.0107 EPSS
Exploits 0, References 4
Veracode
added 2025/12/13 7:37 a.m., 8 views

Improper Encoding Or Escaping Of Output

MotionEye is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to unsanitized user input in configuration parameters being written to configuration files, which allows an attacker to execute arbitrary commands when the service is restarted...

7.2 CVSS, 6.1 AI score, 0.2442 EPSS
Exploits 16, References 5, Affected Software 1
Veracode
added 2025/12/13 7:20 a.m., 6 views

Command Injection

mcp-kubernetes-server is vulnerable to Command Injection. The vulnerability is due to the use of shell=True in the /mcp/kubectl endpoint, which allows an attacker to inject and execute arbitrary operating system commands...

9.8 CVSS, 6 AI score, 0.01235 EPSS
Exploits 0, References 5, Affected Software 1
Veracode
added 2025/12/13 5:52 a.m., 230 views

Server-Side Template Injection (SSTI)

getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to weak regex validation in the cleanDangerousTwig method, which allows an attacker to execute arbitrary commands on the server...

8.8 CVSS, 6.1 AI score, 0.0264 EPSS
Exploits 4, References 3, Affected Software 1
Veracode
added 2025/12/13 5:2 a.m., 7 views

Improper Restriction Of Command Execution

org.jenkins-ci.plugins, azure-cli is vulnerable to improper restriction of command execution. The vulnerability is due to insufficient validation of executed commands, which allows an attacker with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller...

8.8 CVSS, 6.1 AI score, 0.00556 EPSS
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2025/12/12 10:17 p.m., 6 views

CVE-2024-58298

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

9.2 CVSS, 8.9 AI score, 0.00721 EPSS
Exploits 0, References 1
Github Security Blog
added 2025/12/12 6:30 p.m., 11 views

MineAdmin has an insecure default password

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allow attackers to execute arbitrary commands and execute a full account takeover...

9.8 CVSS, 7.7 AI score, 0.00468 EPSS
Exploits 0, References 5, Affected Software 1
EUVD
added 2025/12/12 6:30 p.m., 4 views

EUVD-2025-203101

MineAdmin has an insecure default password...

9.8 CVSS, 6.6 AI score, 0.00468 EPSS
Exploits 0, References 6
OSV
added 2025/12/12 4:15 p.m., 8 views

CVE-2025-65854

Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allow attackers to execute arbitrary commands and execute a full account takeover...

9.8 CVSS, 6 AI score, 0.00468 EPSS
Exploits 0, References 3
IBM Security Bulletins
added 2025/12/12 3:25 p.m., 10 views

Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...

9.8 CVSS, 7.5 AI score, 0.02508 EPSS
Exploits 6, Affected Software 1
RedhatCVE
added 2025/12/12 12:7 p.m., 4 views

CVE-2025-64986

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior to V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

7.2 CVSS, 8 AI score, 0.0106 EPSS
Exploits 0, References 1