
45043 matches found

CNNVD
added 2025/09/26 12:0 a.m. | 5 views

D-Link DIR-823X Security Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command execution vulnerability that can be exploited by an attacker to cause code execution due to the setcassword settings interface not filtering special characters in the httpcasswd parameter...

8.8 CVSS | 7.6 AI score | 0.0038 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2025/09/26 12:0 a.m. | 4 views

PT-2025-39770

CVE-2025-60029 - Intel NUC Router Unauthenticated Remote Command Execution CVE ID : CVE-2025-60029 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

6.7 AI score
Exploits: 0 | References: 1

CNNVD
added 2025/09/26 12:0 a.m. | 5 views

SonarQube OS Command Injection Vulnerability

SonarQube is a code inspection tool from Sonar Open Source. An operating system command injection vulnerability exists in SonarQube versions from 4.0.0 up to but not including 6.0.0, which stems from a failure to properly validate user input on the Windows runner and could lead to arbitrary command execution...

7.7 CVSS | 7.6 AI score | 0.01507 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/09/26 12:0 a.m. | 4 views

Docker Desktop Security Vulnerability

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

8.7 CVSS | 7.1 AI score | 0.00136 EPSS
Exploits: 0 | References: 2

CVE
added 2025/09/25 8:17 p.m. | 22 views

CVE-2025-11005

The CVE-2025-11005 issue affects TOTOLINK X6000R, where OS Command Injection arises from improper neutralization of special elements in user input. Affected versions: X6000R up to and including V9.4.0cu.1458_B20250708. Root cause: failure to properly filter special elements allows an attacker to ...

9.8 CVSS | 6.7 AI score | 0.01331 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/09/25 8:15 p.m. | 8 views

CVE-2025-59817

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity...

8.4 CVSS | 0.00231 EPSS
Exploits: 0 | References: 1

NVD
added 2025/09/25 8:15 p.m. | 6 views

CVE-2025-59815

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity...

8.4 CVSS | 0.00251 EPSS
Exploits: 0 | References: 2

OSV
added 2025/09/25 3:16 p.m. | 3 views

CVE-2025-40836

Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges...

9.8 CVSS | 5.9 AI score | 0.00418 EPSS
Exploits: 0 | References: 1

OSV
added 2025/09/25 1:34 p.m. | 4 views

CVE-2025-59831 `git-commiters` Command Injection vulnerability

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback) which allows...

8.7 CVSS | 7.7 AI score | 0.0228 EPSS
Exploits: 1 | References: 4

CloudLinux
added 2025/09/25 10:39 a.m. | 7 views

spamassassin: Fix of 2 CVEs

CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...

9.3 CVSS | 7.1 AI score | 0.07053 EPSS
Exploits: 0

OSV
added 2025/09/25 10:39 a.m. | 4 views

CLSA-2025-1758796775 spamassassin: Fix of 2 CVEs

CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...

9.3 CVSS | 5.8 AI score | 0.07053 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/25 2:53 a.m. | 6 views

CVE-2025-59545

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

9 CVSS | 6.8 AI score | 0.0051 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/25 12:0 a.m. | 5 views

PT-2025-39447

Name of the Vulnerable Software and Affected Versions Affected versions not specified Description This issue allows attackers to execute arbitrary commands on the underlying system. Successful exploitation grants full control over the device due to the web portal running with root privileges,...

8.4 CVSS | 7.2 AI score | 0.00231 EPSS
Exploits: 0 | References: 6

CNNVD
added 2025/09/25 12:0 a.m. | 3 views

Zenitel ICX500 and Zenitel ICX510 Security Vulnerability

Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from an attacker being able to execute arbitrary commands that could result in full control of the device...

8.4 CVSS | 7.5 AI score | 0.00231 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/25 12:0 a.m. | 5 views

PT-2025-39445

Name of the Vulnerable Software and Affected Versions Zenitel ICX500 and ICX510 Gateway affected versions not specified Description This issue allows attackers to execute arbitrary commands on the underlying system, potentially gaining shell access. Successful exploitation can compromise the...

8.4 CVSS | 7.1 AI score | 0.00251 EPSS
Exploits: 0 | References: 6

CNNVD
added 2025/09/25 12:0 a.m. | 4 views

Zenitel ICX500 and Zenitel ICX510 Security Vulnerability

Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from a malicious actor that can execute arbitrary commands, potentially compromising device availability,...

8.4 CVSS | 7.2 AI score | 0.00251 EPSS
Exploits: 0 | References: 2

CNVD
added 2025/09/25 12:0 a.m. | 3 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23469)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the /usr/sbin/goahead file. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

8.8 CVSS | 8.2 AI score | 0.06115 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/09/25 12:0 a.m. | 2 views

SAMSUNG Retail Mode Security Vulnerability

SAMSUNG Retail Mode is a demo mode application from Samsung South Korea. A security vulnerability exists in SAMSUNG Retail Mode versions prior to 5.59.4, which stems from improper input validation and could allow an attacker to execute privileged commands on an owned device...

6.6 CVSS | 7 AI score | 0.00174 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2025/09/24 7:13 p.m. | 207 views

Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui

CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...

10 CVSS | 7.6 AI score | 0.00348 EPSS
Exploits: 1

NVD
added 2025/09/24 6:15 p.m. | 8 views

CVE-2025-20338

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...

6.7 CVSS | 0.0015 EPSS
Exploits: 0 | References: 1