
45045 matches found

CNVD
added 2025/09/11 12:00 a.m. | 1 view

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. A deserialization vulnerability exists in SAP NetWeaver, which arises from unsafe deserialization of...

CVSS 10 | AI score 7.5 | EPSS 0.02882
Exploits 1 | References 1
CNVD
added 2025/09/11 12:00 a.m. | 4 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23471)

The D-Link DIR-823X is a wireless router from D-Link. The DIR-823X suffers from a command injection vulnerability due to a flaw in the sub415028 function in the goform/setsticleases file. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

CVSS 9.8 | AI score 8.3 | EPSS 0.03986
Exploits 1 | References 1
Positive Technologies
added 2025/09/11 12:00 a.m. | 10 views

PT-2025-37257

Name of the Vulnerable Software and Affected Versions: AIRI versions 0.7.2-beta.2. Description: AIRI is a self-hosted, artificial intelligence based Grok Companion. The application processes Markdown content using the useMarkdown composable and renders it directly into the DOM using v-html. An...

CVSS 9.6 | AI score 5.8 | EPSS 0.00522
Exploits 0 | References 7
RedhatCVE
added 2025/09/10 10:18 p.m. | 5 views

CVE-2025-58444

The MCP Inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to...

CVSS 8.6 | AI score 6.4 | EPSS 0.00627
Exploits 0 | References 1
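The MCP Inspector entry above describes a cross-site scripting issue reachable through a malicious redirect URI handed to the client by an untrusted remote server. The Go code below is an added example, not MCP Inspector's own code, of the check a client should apply before following or rendering any server-supplied redirect: accept only absolute http(s) URLs that carry a host, reject whitespace and control bytes that a browser would silently strip before resolving the URL, refuse userinfo, and optionally pin the host to an allowlist the client registered itself. The function names, the 127.0.0.1:8080 callback and the hostile sample values are constructed assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Hypothetical client-side check (illustration only, not MCP Inspector's code).
// A redirect URI received from an untrusted server is data; it is accepted only
// if it is an absolute http(s) URL with a host.

// ValidateRedirectURI returns the normalized URL or an error explaining why the
// value must not be followed or rendered.
func ValidateRedirectURI(raw string) (string, error) {
	// Browsers strip leading/trailing whitespace and ASCII control bytes before
	// resolving a URL, which is how "  javascript:" or "java\tscript:" can get past
	// a naive prefix check. Reject the raw form instead of cleaning it up.
	for i := 0; i < len(raw); i++ {
		if raw[i] <= 0x20 || raw[i] == 0x7f {
			return "", fmt.Errorf("redirect URI contains whitespace or control byte at offset %d", i)
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("redirect URI does not parse: %w", err)
	}
	// url.Parse already lowercases the scheme; ToLower is kept so the intent is explicit.
	scheme := strings.ToLower(u.Scheme)
	if scheme != "http" && scheme != "https" {
		return "", fmt.Errorf("redirect URI scheme %q is not http or https", u.Scheme)
	}
	if u.Host == "" {
		return "", errors.New("redirect URI has no host (scheme-relative or opaque form)")
	}
	if u.User != nil {
		return "", errors.New("redirect URI carries userinfo, which can disguise the real host")
	}
	return u.String(), nil
}

// ValidateRedirectAgainstAllowlist additionally pins the host to values the
// client registered in advance (hostnames only, compared case-insensitively).
func ValidateRedirectAgainstAllowlist(raw string, allowedHosts []string) (string, error) {
	norm, err := ValidateRedirectURI(raw)
	if err != nil {
		return "", err
	}
	u, _ := url.Parse(norm) // norm came from url.Parse, so it re-parses
	host := strings.ToLower(u.Hostname())
	for _, h := range allowedHosts {
		if strings.ToLower(h) == host {
			return norm, nil
		}
	}
	return "", fmt.Errorf("redirect host %q is not registered", host)
}

func main() {
	// Constructed sample inputs: the kind of value a hostile server might send back.
	samples := []string{
		"http://127.0.0.1:8080/callback?code=abc",
		"javascript:alert(document.cookie)",
		"JaVaScRiPt:alert(1)",
		"data:text/html,<script>alert(1)</script>",
		"//attacker.example/callback",
		" http://127.0.0.1:8080/callback",
		"http://127.0.0.1@attacker.example/callback",
	}
	for _, s := range samples {
		if norm, err := ValidateRedirectAgainstAllowlist(s, []string{"127.0.0.1"}); err != nil {
			fmt.Printf("REJECT %q: %v\n", s, err)
		} else {
			fmt.Printf("ACCEPT %q -> %s\n", s, norm)
		}
	}
}
```

The scheme check is the one that stops the javascript: and data: cases; the control-byte loop and the userinfo check close the two classic ways of smuggling a hostile URL past a scheme check.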
Github Security Blog
added 2025/09/10 7:48 p.m. | 15 views

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary: It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. Details: The vulnerability exists in the middleware management API endpoin...

CVSS 9.8 | AI score 9.5 | EPSS 0.10543
Exploits 7 | References 9 | Affected Software 1
EUVD
added 2025/09/10 7:48 p.m. | 14 views

EUVD-2025-27608

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation...

CVSS 9.8 | AI score 6.8 | EPSS 0.10543
Exploits 7 | References 8
OSV
added 2025/09/10 7:48 p.m. | 7 views

GHSA-R4H8-HFP2-GGMF Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary: It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. Details: The vulnerability exists in the middleware management API endpoin...

CVSS 9.8 | AI score 9.5 | EPSS 0.10543
Exploits 7 | References 9
Cvelist
added 2025/09/10 6:41 p.m. | 23 views

CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...

CVSS 9.8 | EPSS 0.10543
Exploits 7 | References 6
OSV
added 2025/09/10 6:41 p.m. | 5 views

CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...

CVSS 9.8 | AI score 9 | EPSS 0.10543
Exploits 7 | References 8
Snyk
added 2025/09/10 5:10 p.m. | 3 views

Arbitrary Code Injection

Overview: @anthropic-ai/claude-code is a package that lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

CVSS 8.8 | AI score 7.8 | EPSS 0.00512
Exploits 0 | References 2
NVD
added 2025/09/10 4:15 p.m. | 22 views

CVE-2025-43884

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 8.2 | EPSS 0.00474
Exploits 0 | References 1
Vulnrichment
added 2025/09/10 3:52 p.m. | 3 views

CVE-2025-43885

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 7.8 | AI score 6.3 | EPSS 0.0054
Exploits 0 | References 1
Cvelist
added 2025/09/10 3:52 p.m. | 4 views

CVE-2025-43885

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 7.8 | EPSS 0.0054
Exploits 0 | References 1
OSV
added 2025/09/10 2:15 p.m. | 2 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

CVSS 7.5 | AI score 6 | EPSS 0.00448
Exploits 0 | References 3
Cvelist
added 2025/09/10 12:00 a.m. | 10 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

EPSS 0.0123
Exploits 0 | References 2
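Several entries in this listing share one root cause: a request value ends up inside a shell command line. Hoverfly's /api/v2/hoverfly/middleware endpoint takes a middleware definition, 1panel's OperateSSH takes an operation parameter, and the D-Link and Aitemi router handlers take form parameters that reach a shell. The Go code below is an added illustration and is not the implementation of any of those projects. It places the vulnerable pattern (string concatenation destined for sh -c) beside two hardened shapes: an enum value checked against an allowlist and turned into an argv with no shell in the path, and a path check for a setting that names a program the server will execute. The systemctl/sshd command, the /opt/middleware directory, the regular expression and the attacker payload are constructed assumptions; POSIX paths are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"path/filepath"
	"regexp"
	"strings"
)

// Illustrative code for this listing; not Hoverfly's or 1panel's implementation.
// Two shapes of untrusted input appear in the entries: an enum-like "operation"
// value and a path naming a program the server is asked to run.

// vulnerableShellLine reproduces the bug class: the untrusted value is spliced
// into one string that would be handed to `sh -c`, so `;`, `|`, `$(...)` and
// newlines in the input become shell syntax. Returned, never executed, here.
func vulnerableShellLine(operation string) string {
	return "systemctl " + operation + " sshd"
}

// Characters that change meaning once a string reaches a POSIX shell.
var shellMeta = regexp.MustCompile("[;&|<>`$(){}\\\\\n\r]")

// HasShellMetachars is a cheap triage check for a value that was supposed to
// be a plain token; useful in request logs as well as in the handler.
func HasShellMetachars(s string) bool { return shellMeta.MatchString(s) }

// Constructed allowlist for the hypothetical "operation" parameter.
var allowedOperations = map[string]bool{"start": true, "stop": true, "restart": true}

// BuildOperationArgv validates the enum and returns an argv slice. Handing an
// argv to exec.Command (no shell) makes metacharacters ordinary bytes inside a
// single argument instead of command separators.
func BuildOperationArgv(operation string) ([]string, error) {
	if !allowedOperations[operation] {
		return nil, fmt.Errorf("operation %q not permitted", operation)
	}
	return []string{"systemctl", operation, "sshd"}, nil
}

// RunOperation is the safe call shape; the command is prepared but not started.
func RunOperation(operation string) (*exec.Cmd, error) {
	argv, err := BuildOperationArgv(operation)
	if err != nil {
		return nil, err
	}
	return exec.Command(argv[0], argv[1:]...), nil
}

// ValidateProgramPath accepts a program only if, after cleaning, it is an
// absolute path strictly inside allowedDir. Hypothetical policy for a
// middleware-style setting that names an executable (assumption, not a
// description of how any listed project stores that setting).
func ValidateProgramPath(p, allowedDir string) (string, error) {
	if p == "" || strings.ContainsRune(p, 0) {
		return "", errors.New("empty path or NUL byte")
	}
	clean := filepath.Clean(p)
	if !filepath.IsAbs(clean) {
		return "", fmt.Errorf("%q is not absolute", p)
	}
	rel, err := filepath.Rel(filepath.Clean(allowedDir), clean)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q is not inside %q", p, allowedDir)
	}
	return clean, nil
}

func main() {
	payload := "stop; id > /tmp/pwned" // constructed attacker value
	fmt.Println("line the vulnerable pattern would hand to sh -c:", vulnerableShellLine(payload))
	fmt.Println("metacharacters detected:", HasShellMetachars(payload))
	if _, err := BuildOperationArgv(payload); err != nil {
		fmt.Println("hardened handler:", err)
	}
	for _, p := range []string{"/opt/middleware/bin/filter", "/opt/middleware/../../bin/sh", "bin/filter"} {
		_, err := ValidateProgramPath(p, "/opt/middleware")
		fmt.Printf("%-32s -> %v\n", p, err)
	}
}
```

The allowlist does the real work for enum-style parameters; the metacharacter regexp is a detection aid, not a sanitizer, because a denylist always misses the next trick. For a path-style parameter the point is that cleaning happens before the containment check, so `..` segments cannot walk out of the permitted directory.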
Positive Technologies
added 2025/09/10 12:00 a.m. | 5 views

PT-2025-37068

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager versions 19.19 and 19.20. Description: Dell PowerProtect Data Manager, running on Hyper-V, contains an Improper Neutralization of Special Elements used in an OS Command vulnerability, also known as OS Command...

CVSS 7.8 | AI score 6.4 | EPSS 0.0054
Exploits 0 | References 3
Positive Technologies
added 2025/09/10 12:00 a.m. | 5 views

PT-2025-37055

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105. Description: Claude Code is an agentic coding tool. A flaw in command parsing allowed a bypass of the Claude Code confirmation prompt, potentially triggering the execution of untrusted commands...

CVSS 8.7 | AI score 6.7 | EPSS 0.00512
Exploits 0 | References 7
Cvelist
added 2025/09/10 12:00 a.m. | 7 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

EPSS 0.00448
Exploits 0 | References 3
CVE
added 2025/09/10 12:00 a.m. | 14 views

CVE-2025-56406

CVE-2025-56406 affects mcp-neo4j 0.3.0. The issue resides in the SSE service, allowing attackers to obtain sensitive information or execute arbitrary commands. Public details note that authentication is not mandatory for MCP servers and that the MCP server is intended for local environments where...

CVSS 7.5 | AI score 6.8 | EPSS 0.00448
Exploits 0 | References 3
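The three CVE-2025-56406 entries above record the supplier's position that authentication is not mandatory for an MCP server intended for local use. The practical question for an operator is what stands between that SSE endpoint and anything else on the network. The Go code below is an added example, not mcp-neo4j's code, of the two controls that answer it: refuse to listen on anything but a loopback address, and require a bearer token, compared in constant time, on the SSE route. The /sse path, the port, the token and the placeholder event payload are assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Added illustration; not the code of any MCP server in the listing.

// IsLoopbackBind reports whether a listen address ("host:port") names a
// loopback interface. An empty host, 0.0.0.0 or :: means "all interfaces",
// which is exactly the exposure a local-only tool should refuse. Hostnames
// are rejected rather than resolved so /etc/hosts cannot change the answer.
func IsLoopbackBind(addr string) (bool, error) {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false, err
	}
	if host == "" {
		return false, nil
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false, fmt.Errorf("host %q is not an IP literal", host)
	}
	return ip.IsLoopback(), nil
}

// RequireBearer wraps a handler so every request must carry
// "Authorization: Bearer <token>". subtle.ConstantTimeCompare keeps the
// comparison time independent of how many leading bytes matched.
func RequireBearer(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		h := r.Header.Get("Authorization")
		presented := strings.TrimPrefix(h, prefix)
		if !strings.HasPrefix(h, prefix) || subtle.ConstantTimeCompare([]byte(presented), []byte(token)) != 1 {
			w.Header().Set("WWW-Authenticate", `Bearer realm="mcp"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewServer assembles the guarded mux. The inner handler is a stand-in for a
// real SSE endpoint: it only emits one constructed event and returns.
func NewServer(token string) http.Handler {
	mux := http.NewServeMux()
	sse := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/event-stream")
		fmt.Fprint(w, "event: ready\ndata: {}\n\n")
	})
	mux.Handle("/sse", RequireBearer(token, sse))
	return mux
}

func main() {
	for _, addr := range []string{"127.0.0.1:8000", "[::1]:8000", "0.0.0.0:8000", ":8000"} {
		ok, err := IsLoopbackBind(addr)
		fmt.Printf("%-16s loopback=%v err=%v\n", addr, ok, err)
	}
	// To actually serve (assumed token from the environment):
	//   http.ListenAndServe("127.0.0.1:8000", NewServer(token))
	// only after IsLoopbackBind returned true, unless the operator opted in.
}
```

A quick exposure check on a running instance is the same logic from the outside: if the process is listening on 0.0.0.0 or :: (ss -ltnp on Linux) and /sse answers without an Authorization header, the "local use only" assumption no longer holds.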
Packet Storm
added 2025/09/10 12:00 a.m. | 167 views

Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote command injection vulnerability in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The vulnerability lies in the time parameter of the time configuration endpoint, which is passed unsanitized to a shell command executed via th...

CVSS 9.4 | AI score 7.9 | EPSS 0.61676
Exploits 5