
45043 matches found

OSV
Added 2025/09/24 6:15 p.m., 5 views

CVE-2025-20338

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...

CVSS 6.7, AI score 6, EPSS 0.0015
Exploits 0, References 1

Cvelist
Added 2025/09/24 5:44 p.m., 25 views

CVE-2025-52906 TOTOLINK X6000R Command Injection Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360B20241207...

CVSS 9.3, EPSS 0.13164
Exploits 0, References 2

CVE
Added 2025/09/24 5:14 p.m., 42 views

CVE-2025-20338

CVE-2025-20338 affects Cisco IOS XE Software CLI. The root cause is insufficient validation of user-supplied arguments passed to specific CLI commands, allowing an authenticated administrator (level 15) to craft CLI input that can execute arbitrary commands as root on the device. According to Cis...

CVSS 6.7, AI score 6.8, EPSS 0.0015
Exploits 0, References 1, Affected Software 1

CVE
Added 2025/09/24 5:07 p.m., 31 views

CVE-2025-20334

Cisco IOS XE Software HTTP API Command Injection vulnerability (CVE-2025-20334) in the HTTP API subsystem allows an attacker to execute commands with root privileges due to insufficient input validation. A remote attacker with administrative privileges can exploit via an API call with crafted inp...

CVSS 8.8, AI score 7.1, EPSS 0.00468
Exploits 0, References 1

OSV
Added 2025/09/24 3:40 p.m., 4 views

CLSA-2025-1758728428 spamassassin: Fix of 2 CVEs

CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing
CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...

CVSS 9.3, AI score 6.8, EPSS 0.07053
Exploits 0, References 1

RedhatCVE
Added 2025/09/24 3:23 p.m., 5 views

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with the required execute Services permission to execute commands on the system due to improper validation of format strings passed as an argument from an external source...

CVSS 7.5, AI score 7, EPSS 0.00316
Exploits 0, References 1

The Hacker News
Added 2025/09/24 11:28 a.m., 2 views

New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus

Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus. "The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and Iced...

AI score 7.9
Exploits 0

Positive Technologies
Added 2025/09/24 12:00 a.m., 6 views

PT-2025-39305

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the HTTP API subsystem of Cisco IOS XE Software that may allow a remote attacker to inject commands that will execute with root privileges on the underlying...

CVSS 10, AI score 7, EPSS 0.00468
Exploits 0, References 11

Positive Technologies
Added 2025/09/24 12:00 a.m., 7 views

PT-2025-39306

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the Command Line Interface (CLI) of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...

CVSS 6.2, AI score 6.7, EPSS 0.0015
Exploits 0, References 7

CNNVD
Added 2025/09/24 12:00 a.m., 2 views

Cisco IOS XE Command Injection Vulnerability

Cisco IOS XE is an operating system from Cisco, Inc. that is used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN; Cisco IOS XE reduces business and network complexity. Cisco IOS XE suffers from a command injection vulnerability that stems from insufficie...

CVSS 8.8, AI score 7.4, EPSS 0.00468
Exploits 0, References 3

OSV
Added 2025/09/23 5:41 p.m., 5 views

CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...

CVSS 9, AI score 9, EPSS 0.0051
Exploits 0, References 3

Github Security Blog
Added 2025/09/23 3:09 p.m., 6 views

DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module

Summary: The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution (XSS). Description: The application sanitizes most user-submitted...

CVSS 9, AI score 7.2, EPSS 0.0051
Exploits 0, References 3, Affected Software 1

Positive Technologies
Added 2025/09/23 12:00 a.m., 5 views

PT-2025-39191

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 10.1.0. Description: DNN (formerly DotNetNuke) is an open-source web content management platform. The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized...

CVSS 9, AI score 7, EPSS 0.0051
Exploits 0, References 16

CNNVD
Added 2025/09/23 12:00 a.m., 3 views

TalentSys Inka.Net Code Issue Vulnerability

TalentSys Inka.Net is a human resource management system from TalentSys (Turkey). A code issue vulnerability exists in TalentSys Inka.Net versions prior to 6.7.1; it stems from allowing the upload of files of dangerous types, which could lead to command injection...

CVSS 10, AI score 7.1, EPSS 0.01041
Exploits 0, References 1

NVD
Added 2025/09/22 9:16 p.m., 18 views

CVE-2025-59532

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

CVSS 8.6, EPSS 0.00815
Exploits 1, References 3

OSV
Added 2025/09/22 8:26 p.m., 6 views

CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

CVSS 8.6, AI score 7.1, EPSS 0.00815
Exploits 1, References 5

Cvelist
Added 2025/09/22 8:26 p.m., 12 views

CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

CVSS 8.6, EPSS 0.00815
Exploits 1, References 3

NVD
Added 2025/09/22 7:15 p.m., 3 views

CVE-2025-57685

The LB-Link routers, including the BL-AC2100AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000AE4 v2.4.9, BL-AC1900AZ2 v1.0.2, BL-X26AC8 v1.2.8, and BL-LTE300DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/setserialcfg...

CVSS 8.8, EPSS 0.01427
Exploits 0, References 3

OSV
Added 2025/09/22 6:15 p.m., 4 views

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

CVSS 8.8, AI score 6.3, EPSS 0.00772
Exploits 1, References 2

Github Security Blog
Added 2025/09/22 6:01 p.m., 5 views

`git-comiters` Command Injection vulnerability

Background on the vulnerability: This vulnerability manifests with the library's primary exported API, `gitCommiters(options, callback)`, which allows specifying options such as `cwd` for the current working directory and `revisionRange` as a revision pointer, such as `HEAD`. However, the library does not saniti...

CVSS 8.8, AI score 7.8, EPSS 0.0228
Exploits 1, References 4, Affected Software 1
