44987 matches found

RedhatCVE
added 2025/12/12 12:7 p.m., 4 views

CVE-2025-64993

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...

CVSS 7.2, AI score 8, EPSS 0.00758
Exploits 0, References 1
RedhatCVE
added 2025/12/12 12:7 p.m., 5 views

CVE-2025-64989

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

CVSS 7.2, AI score 8, EPSS 0.0098
Exploits 0, References 1
SUSE CVE
added 2025/12/12 1:24 a.m., 22 views

SUSE CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...

CVSS 7.5, AI score 7.7, EPSS 0.02109
Exploits 0, References 3
RedhatCVE
added 2025/12/12 1:6 a.m., 7 views

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVSS 8.8, AI score 7.9, EPSS 0.02627
Exploits 1, References 1
EUVD
added 2025/12/12 12:30 a.m., 6 views

EUVD-2024-55329

FoF Pretty Mail has a server-side template injection vulnerability...

CVSS 8.6, AI score 6.9, EPSS 0.0053
Exploits 0, References 5
EUVD
added 2025/12/12 12:30 a.m., 5 views

EUVD-2024-55333

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVSS 9.2, AI score 8.4, EPSS 0.00721
Exploits 0, References 5
CNNVD
added 2025/12/12 12:0 a.m., 8 views

Typora operating system command injection vulnerability

Typora is a Typora open source editor. An operating system command injection vulnerability exists in Typora version 1.7.4, which stems from a command injection in the PDF export preferences that could lead to the execution of arbitrary system commands...

CVSS 9.8, AI score 7.6, EPSS 0.01028
Exploits 0, References 3
Positive Technologies
added 2025/12/12 12:0 a.m., 5 views

PT-2025-50934

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVSS 8.6, AI score 7, EPSS 0.00189
Exploits 0, References 3
CNNVD
added 2025/12/12 12:0 a.m., 3 views

ATCOM 100M operating system command injection vulnerability

ATCOM 100M is an IP phone from ATCOM Greece. An operating system command injection vulnerability exists in ATCOM 100M version 2.7.x.x. The vulnerability stems from a command injection in the web configuration CGI script, which could lead to the execution of arbitrary system commands...

CVSS 8.8, AI score 7.6, EPSS 0.01393
Exploits 0, References 3
Positive Technologies
added 2025/12/12 12:0 a.m., 5 views

PT-2025-50952

Name of the Vulnerable Software and Affected Versions MineAdmin versions 3.x Description Insecure permissions within the scheduled tasks feature permit attackers to execute arbitrary commands and potentially gain full account control. Recommendations At the moment, there is no information about a...

CVSS 9.8, AI score 7.2, EPSS 0.00468
Exploits 0, References 7
OSV
added 2025/12/11 10:15 p.m., 3 views

CVE-2024-58286

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...

CVSS 9.3, AI score 6.4
Exploits 0, References 3
Snyk
added 2025/12/11 10:7 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview fof/pretty-mail is a Create HTML email for Flarum Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

CVSS 8.6, AI score 7, EPSS 0.0053
Exploits 0, References 2
RedhatCVE
added 2025/12/11 10:1 p.m., 7 views

CVE-2024-58282

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...

CVSS 8.6, AI score 8.3, EPSS 0.00858
Exploits 1, References 1
RedhatCVE
added 2025/12/11 10:1 p.m., 6 views

CVE-2024-58284

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVSS 8.6, AI score 7.7, EPSS 0.00947
Exploits 1, References 1
CVE
added 2025/12/11 9:40 p.m., 7 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 has a server-side template injection vulnerability in email template processing that lets an administrator inject code and trigger arbitrary system commands during email generation. Affected component: FoF Pretty Mail (likely package foF/pretty-mail) with internal Blade temp...

CVSS 8.6, AI score 8, EPSS 0.0053
Exploits 0, References 4
Vulnrichment
added 2025/12/11 9:39 p.m., 3 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVSS 9.2, AI score 8.6, EPSS 0.00721
Exploits 0, References 4
Github Security Blog
added 2025/12/11 9:31 p.m., 10 views

pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

CVSS 9.1, AI score 7.9, EPSS 0.00851
Exploits 1, References 6, Affected Software 1
OSV
added 2025/12/11 9:31 p.m., 3 views

GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

CVSS 9.1, AI score 7.8, EPSS 0.00851
Exploits 1, References 6
GithubExploit
added 2025/12/11 8:1 p.m., 148 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React Server Components RCE Exploit Exploits CVE-2025...

CVSS 10, AI score 8.7, EPSS 0.99562
Exploits 372
EUVD
added 2025/12/11 7:47 p.m., 3 views

EUVD-2025-202871

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

CVSS 8.8, AI score 6.8, EPSS 0.00404
Exploits 0, References 2