
Positive Technologies
added 2025/09/10 12:00 a.m., 5 views

PT-2025-82: Insecure OS command execution mechanism in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03 and 3.4.9.1 CPM723-01. The discovered vulnerability allows a remote attacker to execute arbitrary operating system commands and escalate their privileges to superuser level by sending a POST request via ...

CVSS: 9.4, AI score: 6.1
Exploits: 0, References: 2
Positive Technologies
added 2025/09/10 12:00 a.m., 5 views

PT-2025-81: OS command injection in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03 and 3.4.9.1 CPM723-01. The discovered vulnerability is related to a failure to neutralize special elements used in operating system commands. Exploitation of this vulnerability allows a remote attacker t...

CVSS: 9.4, AI score: 6.1
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-23422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00789
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-22425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command...

CVSS: 8.8, AI score: 8.2, EPSS: 0.02466
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-0415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. CVE-2022-0415 Note that Nessus relies on the presence of t...

CVSS: 9.9, AI score: 8.2, EPSS: 0.65237
Exploits: 1, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-31209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of active check command arguments in Checkmk 2.1.0p32, 2.0.0p38, 2.2.0p4 leads to arbitrary command execution for authenticated users...

CVSS: 8.8, AI score: 8.1, EPSS: 0.0102
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-28940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary...

CVSS: 9.8, AI score: 8.6, EPSS: 0.03299
Exploits: 1, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2014-2886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GKSu 2.0.2, when sudo-mode is not enabled, uses double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in...

CVSS: 6.8, AI score: 6, EPSS: 0.02193
Exploits: 1, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default...

CVSS: 9.8, AI score: 8.3, EPSS: 0.03689
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-31208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00974
Exploits: 0, References: 2
NVD
added 2025/09/09 9:15 p.m., 4 views

CVE-2025-58768

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

CVSS: 9.6, EPSS: 0.00558
Exploits: 1, References: 1
NVD
added 2025/09/09 9:15 p.m., 32 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

CVSS: 9.8, EPSS: 0.01468
Exploits: 0, References: 2
Vulnrichment
added 2025/09/09 9:12 p.m.4 views

CVE-2025-9997

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon, which is executed in the operating system console when in an SSH session...

CVSS: 5.8, AI score: 6.9, EPSS: 0.00503
Exploits: 0, References: 1
OSV
added 2025/09/09 8:19 p.m., 4 views

CVE-2025-58768 DeepChat's Mermaid rendering has XSS leading to RCE

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

CVSS: 9.6, AI score: 7, EPSS: 0.00558
Exploits: 1, References: 3
OSV
added 2025/09/09 7:34 p.m., 4 views

CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...

CVSS: 7.5, AI score: 7, EPSS: 0.19313
Exploits: 4, References: 6
OSV
added 2025/09/09 11:46 a.m., 3 views

MAL-2025-46987 Malicious code in arm-package-deploymentscripts-2019-10-preview (npm)

Source: ossf-package-analysis (036de74aa3f36e7c65b0ae918b5cbc8dad256bac711320dbded5935ef0d48657). The OpenSSF Package Analysis project identified 'arm-package-deploymentscripts-2019-10-preview' @ 8.0.1 (npm) as malicious. It is considered...

AI score: 7.1
Exploits: 0
Rosalinux
added 2025/09/09 10:19 a.m., 5 views

Advisory ROSA-SA-2025-2971

software: less 608
WASP: ROSA-CHROME
unaffected versions = less-608-3
affected versions less-608-3
CVE-ID: CVE-2024-32487
BDU-ID: 2024-03717
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the UNIX-like text terminal utility Less is related to incorrect handling of quotation marks in the...

CVSS: 8.6, AI score: 7.9, EPSS: 0.00628
Exploits: 0
Vulnrichment
added 2025/09/09 2:11 a.m., 1 view

CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS: 10, AI score: 6.6, EPSS: 0.02882
Exploits: 1, References: 4
CVE
added 2025/09/09 2:11 a.m., 64 views

CVE-2025-42944

The CVE-2025-42944 vulnerability affects SAP NetWeaver (notably the NetWeaver Application Server Java) via insecure deserialization in the RMI-P4 module. An unauthenticated, remote attacker can send a malicious payload to an open port, leading to arbitrary OS command execution with the attacker g...

CVSS: 10, AI score: 6.6, EPSS: 0.02882
Exploits: 1, References: 4
CNNVD
added 2025/09/09 12:00 a.m., 6 views

DeepChat code injection vulnerability

DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat versions prior to 0.3.5, which stems from the direct use of user content in innerHTML and could lead to command execution...

CVSS: 9.6, AI score: 7.4, EPSS: 0.00558
Exploits: 1, References: 2