Lucene search

45043 matches found

CNVD
added 2025/09/29 12:0 a.m., 4 views

D-Link DIR-823X Command Execution Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command execution vulnerability that can be exploited by an attacker to cause code execution due to the setcassword settings interface not filtering special characters in the httpcasswd parameter...

8.8 CVSS, 7.7 AI score, 0.0038 EPSS
Exploits 1, References 1

CNNVD
added 2025/09/29 12:0 a.m., 3 views

IBM InfoSphere Information Server Operating System Command Injection Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An operating system command injection vulnerability exists in IBM InfoSphere Information Server...

8.8 CVSS, 7 AI score, 0.00417 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/29 12:0 a.m., 2 views

Western Digital My Cloud Security Vulnerability

Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud versions prior to 5.31.108, which stems from the user interface not handling input correctly and could lead to remote command execution...

9.3 CVSS, 7 AI score, 0.01117 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/29 12:0 a.m., 3 views

wenkucms Operating System Command Injection Vulnerability

wenkucms is a content management system by individual developer mirweiye. An OS command injection vulnerability exists in wenkucms 3.4 and earlier versions. It originates from a misuse of the function createPathOne in the file app/common/common.php, which could lead to a remote command injection...

8.8 CVSS, 6.8 AI score, 0.04201 EPSS
Exploits 1, References 4

CISA KEV Catalog
added 2025/09/29 12:0 a.m., 11 views

Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability

Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

10 CVSS, 7.3 AI score, 0.99614 EPSS
In wild, Exploits 2

OSSF Malicious Packages
added 2025/09/28 7:55 a.m., 3 views

Malicious code in com.unity.2d.psdimporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 988ab6368c4a52337e54f822f3ec3a86cefa2611329d86d870b14d0168dcabc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

CNNVD
added 2025/09/28 12:0 a.m., 3 views

D-Link DIR-823X Command Injection Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...

8.8 CVSS, 7.8 AI score, 0.04125 EPSS
Exploits 1, References 6

CNVD
added 2025/09/28 12:0 a.m., 2 views

TOTOLINK X6000R Operating System Command Injection Vulnerability

The TOTOLINK X6000R is a wireless router from TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X6000R V9.4.0cu.1458B20250708 and prior versions, which stems from a failure to properly filter special elements in user input. An attacker can exploit this vulnerability...

9.8 CVSS, 8.1 AI score, 0.01331 EPSS
Exploits 0, References 1

CNVD
added 2025/09/28 12:0 a.m., 1 view

DELL Cloud Disaster Recovery OS Command Injection Vulnerability

DELL Cloud Disaster Recovery is a cloud disaster recovery solution provided by Dell Technologies. DELL Cloud Disaster Recovery suffers from an OS command injection vulnerability that stems from improper neutralization of special elements in OS commands, which can be exploited by an attacker to...

6.7 CVSS, 8.1 AI score, 0.00476 EPSS
Exploits 0, References 1

Packet Storm News
added 2025/09/28 12:0 a.m., 2 views

Takedown: How It's Done in Modern Coding Agent Exploits

Coding agents, which are LLM-driven agents specialized in software development, have become increasingly prevalent in modern programming environments. Unlike traditional AI coding assistants, which offer simple code completion and suggestions, modern coding agents tackle more complex tasks with...

7.8 AI score
Exploits 0

Vulnrichment
added 2025/09/27 6:2 p.m., 4 views

CVE-2025-11073 Keyfactor RG-EW5100BE HTTP POST Request cmd command injection

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

5.8 CVSS, 6.8 AI score, 0.0195 EPSS
Exploits 0, References 5

CNNVD
added 2025/09/27 12:0 a.m., 2 views

Ruijie RG-EW5100BE Command Injection Vulnerability

The Ruijie RG-EW5100BE is a wireless router from China's Ruijie. A command injection vulnerability exists in the Ruijie RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019 version, which originates from the incorrect operation of the parameter url in the file /cgi-bin/luci/api/cmd, and could lead t...

5.8 CVSS, 5.4 AI score, 0.0195 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/09/26 7:48 p.m., 10 views

CVE-2025-59815

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity...

8.4 CVSS, 7.7 AI score, 0.00251 EPSS
Exploits 0, References 1

NVD
added 2025/09/26 5:15 p.m., 4 views

CVE-2025-59844

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

7.7 CVSS, 0.01507 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/09/26 4:24 p.m., 17 views

CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

7.7 CVSS, 7.4 AI score, 0.01507 EPSS
Exploits 0, References 3

OSV
added 2025/09/26 4:24 p.m., 8 views

CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

7.7 CVSS, 7.7 AI score, 0.01507 EPSS
Exploits 0, References 5

OSV
added 2025/09/26 1:1 p.m., 3 views

GHSA-5XQ9-5G24-4G6F Argument injection vulnerability in SonarQube Scan Action

A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...

7.7 CVSS, 7.5 AI score, 0.01507 EPSS
Exploits 0, References 5

GitHub Security Blog
added 2025/09/26 1:1 p.m., 10 views

Argument injection vulnerability in SonarQube Scan Action

A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...

7.7 CVSS, 7.5 AI score, 0.01507 EPSS
Exploits 0, References 5, Affected Software 1

OSSF Malicious Packages
added 2025/09/26 8:8 a.m., 4 views

Malicious code in zeitwerk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acaf25aadd93141e9b88e577ad36d4e831f5fa1fbe92d0e8a97fa23404a75214 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

OSV
added 2025/09/26 4:49 a.m., 3 views

MAL-2025-47846 Malicious code in com.unity.device-simulator.devices (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abc462b44ac8ebcd3a4086ec95ca09fa7e919a9e77402cbc606744d36da1ac16 Any computer that has this package installed or running should be considered...

7 AI score
Exploits 0, References 1