Lucene search

45029 matches found

OSV
added 2025/10/03 7:56 p.m. | 6 views

RLSA-2025:13941 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

CVSS 8.6 | AI score 6.9 | EPSS 0.00273
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/03 6:10 p.m. | 3 views

CVE-2025-47212 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 5.1 | AI score 7.7 | EPSS 0.01365
Exploits: 0 | References: 1
OSV
added 2025/10/03 9:55 a.m. | 2 views

MAL-2025-47901 Malicious code in odoo-sfu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6150db474384025ea6979cd2f9cdfcd33735d897541917f74ee49a6d3ee74c71 The OpenSSF Package Analysis project identified 'odoo-sfu' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
Cvelist
added 2025/10/03 6:34 a.m. | 8 views

CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...

CVSS 8.7 | EPSS 0.30227
Exploits: 6 | References: 1
Tenable Nessus
added 2025/10/03 12:0 a.m. | 3 views

IBM InfoSphere 11.7.0.x < 11.7.1.6 SP1 Command Injection (7246170)

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.0 prior to 11.7.1.6 SP1. It is, therefore, affected by a command injection vulnerability, as referenced in the 7246170 advisory. - IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an...

CVSS 8.8 | AI score 6 | EPSS 0.00417
Exploits: 0 | References: 2
Saint
added 2025/10/03 12:0 a.m. | 99 views

MeteoBridge template.cgi command injection

Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...

CVSS 8.8 | AI score 8.3 | EPSS 0.94666
Exploits: 3
CVE
added 2025/10/02 2:8 p.m. | 12 views

CVE-2025-59741

AndSoft e-TMS v25.03 suffers an OS command injection that can be triggered by sending a POST request to /CLT/LOGINERRORFRM.ASP with the m parameter. Multiple connected sources (CNVD-2025-23538, NVD/CVE-2025-59741, CNNVD-202510-331, PT-2025-40361) confirm the vulnerability exists and that an attac...

CVSS 9.8 | AI score 7.7 | EPSS 0.01298
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/10/02 2:7 p.m. | 21 views

CVE-2025-59740

AndSoft e-TMS v25.03 has an OS command injection vulnerability arising from misuse of the m parameter in /clt/LOGINFRM_CAT.ASP. A crafted POST request can lead to execution of operating system commands on the server. Reported across multiple feeds (CNVD/CNNVD/CVELIST-derived notes; PT-SEC) with n...

CVSS 9.8 | AI score 7.7 | EPSS 0.01416
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/10/02 1:59 p.m. | 17 views

CVE-2025-59735

CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP, allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...

CVSS 9.8 | AI score 7.7 | EPSS 0.01536
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/10/02 10:15 a.m. | 1 views

UBUNTU-CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

CVSS 8.1 | AI score 6 | EPSS 0.00192
Exploits: 1 | References: 3
Microsoft CVE
added 2025/10/02 6:10 a.m. | 5 views

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands

...

CVSS 9.3 | AI score 7 | EPSS 0.05978
Exploits: 0
Positive Technologies
added 2025/10/02 12:0 a.m. | 3 views

PT-2025-40332

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD version 5.21 through 5.21.4 Description A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...

CVSS 8.8 | AI score 6.8 | EPSS 0.00537
Exploits: 7 | References: 32
Positive Technologies
added 2025/10/02 12:0 a.m. | 4 views

PT-2025-40651

CVE-2025-61850 - Apache Struts Command Execution CVE ID : CVE-2025-61850 Published : Oct. 2, 2025, 3:15 a.m. | 1 hour, 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.7
Exploits: 0 | References: 1
CISA KEV Catalog
added 2025/10/02 12:0 a.m. | 6 views

Smartbedded Meteobridge Command Injection Vulnerability

Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges root on affected devices...

CVSS 8.8 | AI score 7.9 | EPSS 0.94666
In wild | Exploits: 3
Microsoft CVE
added 2025/10/01 11:10 p.m. | 6 views

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

...

CVSS 7.5 | AI score 7 | EPSS 0.01702
Exploits: 1
NVD
added 2025/10/01 11:15 a.m. | 4 views

CVE-2025-10847

DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

CVSS 8.4 | EPSS 0.00441
Exploits: 0 | References: 1
CVE
added 2025/10/01 10:48 a.m. | 13 views

CVE-2025-10847

CVE-2025-10847 concerns Broadcom’s DX Unified Infrastructure Management (Nimsoft/UIM) robot/controller ACL handling. Connected sources indicate an improper ACL handling flaw that allows a remote attacker to execute commands and read from or write to the target system via the robot component. The ...

CVSS 8.4 | AI score 6.8 | EPSS 0.00441
Exploits: 0 | References: 1
Cvelist
added 2025/10/01 10:48 a.m. | 11 views

CVE-2025-10847 DX UIM Probe Improper ACL Handling RCE

DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

CVSS 8.4 | EPSS 0.00441
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/01 12:0 a.m. | 4 views

PT-2025-40103

Name of the Vulnerable Software and Affected Versions DX Unified Infrastructure Management Nimsoft/UIM versions prior to 8.63 Description The software contains an improper Access Control List ACL handling issue within the robot controller component. A remote attacker may be able to execute...

CVSS 8.4 | AI score 7 | EPSS 0.00441
Exploits: 0 | References: 5
CNNVD
added 2025/10/01 12:0 a.m. | 4 views

Broadcom Unified Infrastructure Management Security Vulnerability

Broadcom Unified Infrastructure Management is an IT infrastructure monitoring and management platform from Broadcom, Inc. A security vulnerability exists in Broadcom Unified Infrastructure Management that stems from improper handling of access control lists for robotic components, which could...

CVSS 8.4 | AI score 6.9 | EPSS 0.00441
Exploits: 0 | References: 1