Lucene search
K

45044 matches found

CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple Open Source. A security vulnerability exists in CMSimple version 5.15 that originates from an authenticated user being able to modify file extensions and upload malicious PHP files, which could lead to remote command execution...

8.8CVSS7.1AI score0.00809EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

PopojiCMS 代码注入漏洞

PopojiCMS is an open source website builder from PopojiCMS. A code injection vulnerability exists in PopojiCMS version 2.0.1, which originates from an administrator user can inject malicious PHP code via a metadata settings endpoint, which may result in remote command execution...

8.6CVSS7.7AI score0.00947EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.20 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

0.00843EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50518

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

9.3CVSS8.9AI score0.01092EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.3 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

7AI score0.00843EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/09 9:31 p.m.4 views

EUVD-2025-202318

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...

7AI score0.00593EPSS
Exploits1References4
NVD
NVD
added 2025/12/09 9:15 p.m.10 views

CVE-2023-53774

MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk record...

9.8CVSS0.00794EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/09 8:44 p.m.4 views

CVE-2021-47728 Selea Targa IP Camera Remote Code Execution via Utils

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...

9.3CVSS7.9AI score0.02314EPSS
Exploits1References5
NVD
NVD
added 2025/12/09 7:15 p.m.5 views

CVE-2025-65882

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...

9.8CVSS0.00593EPSS
Exploits1References3
OSV
OSV
added 2025/12/09 7:15 p.m.4 views

CVE-2025-65882

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function createxoripadopad allowing attackers to potentially write arbitrary files or execute arbitrary commands...

9.8CVSS7.5AI score
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201889

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

4.3CVSS6.8AI score0.00434EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 6:30 p.m.3 views

EUVD-2025-201946

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

8.4CVSS6.4AI score0.00704EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 6:16 p.m.2 views

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

7.2CVSS6AI score0.01526EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 5:19 p.m.87 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2CVSS0.10791EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 5:15 p.m.7 views

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

7.5CVSS0.00258EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2025/12/09 5:2 p.m.4 views

CVE-2025-12946 Improper input validation in NETGEAR Nighthawk routers

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

7.3CVSS6.9AI score0.00258EPSS
Exploits0References18
Cvelist
Cvelist
added 2025/12/09 5:2 p.m.19 views

CVE-2025-12946 Improper input validation in NETGEAR Nighthawk routers

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

7.3CVSS0.00258EPSS
Exploits0References18
OSV
OSV
added 2025/12/09 4:17 p.m.7 views

CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

8.4CVSS6AI score
Exploits0References1
OSV
OSV
added 2025/12/09 4:17 p.m.6 views

AZL-72556 CVE-2025-2296 affecting package edk2 for versions less than 20230301gitf80f052277c8-44

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

8.4CVSS6AI score0.00704EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:17 p.m.2 views

CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

8.4CVSS0.00704EPSS
Exploits0References1
Rows per page
Query Builder