Lucene search
K

45029 matches found

CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actionwireless in the file /usr/lib/lua/luci/control/admin/wireless.lua, which...

8.8CVSS6.9AI score0.02666EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50666

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

8.8CVSS7.2AI score0.01725EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50681

Name of the Vulnerable Software and Affected Versions Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F versions V1.xxV2.xx Description An OS Command Injection issue exists in Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F. Successful exploitation allows attackers to execute arbitrary commands. This is...

8.8CVSS7.3AI score0.01451EPSS
Exploits0References6
CVE
CVE
added 2025/12/11 12:0 a.m.12 views

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

8.8CVSS7.5AI score0.03121EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/12/10 10:16 p.m.3 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

9.8CVSS0.00843EPSS
Exploits1References2
OSV
OSV
added 2025/12/10 10:16 p.m.4 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

9.8CVSS5.8AI score0.00843EPSS
Exploits1References2
OSV
OSV
added 2025/12/10 10:16 p.m.6 views

CVE-2024-58284

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

7.2CVSS7.6AI score
Exploits0References5
NVD
NVD
added 2025/12/10 10:16 p.m.4 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.8CVSS0.00809EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 9:15 p.m.3 views

CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

8.6CVSS7.3AI score0.00947EPSS
Exploits1References5
CVE
CVE
added 2025/12/10 9:14 p.m.8 views

CVE-2024-58282

CVE-2024-58282 affects Serendipity 2.5.0 via remote code execution through authenticated media uploads. The root cause is improper handling of uploaded PHP files, enabling an authenticated administrator to upload a PHP shell that executes arbitrary commands on the server. Public references note t...

8.6CVSS8AI score0.00858EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/10 9:13 p.m.20 views

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.6CVSS0.00809EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 9:13 p.m.3 views

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

8.6CVSS7.9AI score0.00809EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:13 p.m.18 views

CVE-2024-58280

CVE-2024-58280 affects CMSimple 5.15 and enables authenticated remote code execution via the Extensions configuration: an attacker can append ",php" to Extensions_userfiles and upload a PHP shell to the media directory, enabling arbitrary code execution on the server. The available sources confir...

8.8CVSS7.9AI score0.00809EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 5:17 p.m.6 views

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

7.3CVSS7.2AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 8:36 a.m.5 views

CVE-2025-41693

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

4.3CVSS7.3AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 8:34 a.m.5 views

CVE-2025-2296

A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation To reduce the risk by disabling direct-boot mode, ensuring a...

8.4CVSS6.7AI score0.00704EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/10 12:28 a.m.10 views

CVE-2025-65882

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...

9.8CVSS7.5AI score0.00593EPSS
Exploits1References1
CNVD
CNVD
added 2025/12/10 12:0 a.m.3 views

D-Link DCS-930L Command Injection Vulnerability

D-Link DCS-930L is a network camera from China AUO D-Link. The D-Link DCS-930L suffers from a command injection vulnerability that stems from the failure to properly filter construct command special characters, commands, etc. in the parameter AdminID in the file /setSystemAdmin. An attacker can...

8.8CVSS7.9AI score0.07402EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.7 views

PT-2025-50325

Unauthenticated Telnet enablement via cstecgi.cgi auth bypass leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369 B20230113 arbitrary command execution. Earlier versions that share the same implementation, may also be affected...

7.3AI score0.10987EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.8 views

PT-2025-50529

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15 Description An authenticated attacker can execute commands remotely on the server. This is possible by modifying file extensions and uploading malicious PHP files. Specifically, attackers can append ',php' to Extensions...

8.8CVSS7.4AI score0.00809EPSS
Exploits1References9
Rows per page
Query Builder