Lucene search
45044 matches found

Vulnrichment
added 2025/09/16 7:40 p.m., 4 views

CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

CVSS 9.3, AI score 7.9, EPSS 0.02766
Exploits: 2, References: 4
CNVD
added 2025/09/16 12:0 a.m., 2 views

Wavlink WL-WN578W2 sub_401340 function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub_401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVSS 8.8, AI score 6.9, EPSS 0.06789
Exploits: 1, References: 1
CNVD
added 2025/09/16 12:0 a.m., 3 views

Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub_409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...

CVSS 9.8, AI score 7.8, EPSS 0.08082
Exploits: 1, References: 1
CNNVD
added 2025/09/16 12:0 a.m., 4 views

Hewlett Packard Enterprise EdgeConnect SD-WAN Security Vulnerability

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...

CVSS 6.7, AI score 7, EPSS 0.00202
Exploits: 0, References: 2
CNNVD
added 2025/09/16 12:0 a.m., 11 views

HPE Aruba Networking EdgeConnect SD-WAN Gateways Security Vulnerability

HPE Aruba Networking EdgeConnect SD-WAN Gateways is an edge gateway appliance from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways, which stems from flaws in the encryption logic that could lead to the execution of arbitrary commands by an...

CVSS 7.2, AI score 7.1, EPSS 0.00127
Exploits: 0, References: 2
Positive Technologies
added 2025/09/16 12:0 a.m., 5 views

PT-2025-38086

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN Gateways (affected versions not specified). Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run...

CVSS 7.2, AI score 7, EPSS 0.00599
Exploits: 0, References: 6
Vulnrichment
added 2025/09/15 4:4 p.m., 2 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 8.7, AI score 8.2, EPSS 0.01303
Exploits: 1, References: 2
OSV
added 2025/09/15 3:15 p.m., 4 views

CVE-2025-52053

TOTOLINK X6000R V9.4.0cu.1360B20241207 was found to contain a command injection vulnerability in the sub417D74 function via the filename parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...

CVSS 9.8, AI score 6.1, EPSS 0.04374
Exploits: 1, References: 2
SUSE Linux
added 2025/09/15 1:16 p.m., 3 views

Security update for pcp

This update for pcp fixes the following issues: CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 8.8, AI score 7.2, EPSS 0.01002
Exploits: 0, References: 4
OSV
added 2025/09/15 1:16 p.m., 4 views

SUSE-SU-2025:03233-1 Security update for pcp

This update for pcp fixes the following issues: - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121...

CVSS 8.8, AI score 7, EPSS 0.01002
Exploits: 0, References: 3
RedhatCVE
added 2025/09/15 1:12 p.m., 8 views

CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVSS 9.8, AI score 6.9, EPSS 0.06072
Exploits: 1, References: 1
CNNVD
added 2025/09/15 12:0 a.m., 2 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in Dataease version 2.10.12 and earlier, which...

CVSS 9.8, AI score 7.1, EPSS 0.01303
Exploits: 1, References: 2
CNNVD
added 2025/09/15 12:0 a.m., 3 views

TOTOLINK X6000R Security Vulnerability

TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from the failure to properly...

CVSS 9.8, AI score 7.8, EPSS 0.04374
Exploits: 1, References: 3
Gitee
added 2025/09/14 1:32 p.m., 172 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

AI score 7.2
Exploits: 0
Gitee
added 2025/09/14 11:39 a.m., 96 views

nishang

This repository is an offensive tool for Windows systems. It contains a collection of PowerShell scripts that can be used to exploit various vulnerabilities and gain unauthorized access to a system. The scripts are designed to be used by attackers to gain a foothold on a system and then escalate...

AI score 7.6
Exploits: 0
CNNVD
added 2025/09/14 12:0 a.m., 2 views

D-Link DIR-823X Command Injection Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...

CVSS 8.8, AI score 7.8, EPSS 0.0815
Exploits: 1, References: 6
RedhatCVE
added 2025/09/13 7:28 p.m., 5 views

CVE-2025-59053

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, AI score 6.2, EPSS 0.00522
Exploits: 0, References: 1
OSV
added 2025/09/13 7:27 p.m., 2 views

MAL-2025-47101 Malicious code in quick-navigation-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293f1ac2032d67eaf1bdca4962d876dc2f82271c474d5fbf4f3a6d2d50b71d63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1
Gitee
added 2025/09/13 5:14 p.m., 202 views

ysoserial

This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a...

AI score 7.8
Exploits: 0
Vulnrichment
added 2025/09/13 8:2 a.m., 3 views

CVE-2025-10358 Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

CVSS 7.5, AI score 7.3, EPSS 0.06072
Exploits: 1, References: 5