
22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-9451

Malware in sbrugna...

CVSS 7.2 · AI score 7 · EPSS 0.04662
Exploits 0 · References 4

Cvelist
added 2025/06/08 9:5 p.m. · 9 views

CVE-2025-35008 Microhard Bullet-LTE and IPn4Gii AT+MMNAME Argument Injection

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argume...

CVSS 7.1 · EPSS 0.00385
Exploits 1 · References 4

CVE
added 2025/06/08 9:5 p.m. · 37 views

CVE-2025-35006

CVE-2025-35006 affects Microhard BulletLTE-NA2 and IPn4Gii-NA2. The issue is a post-authentication command injection in the AT+MFPORTFWD command, enabling privilege escalation. The root cause is CWE-88 (Improper Neutralization of Argument Delimiters in a Command). The CVSSv3.1 score is 7.1 (AV:L/...

CVSS 7.1 · AI score 7.3 · EPSS 0.00385
Exploits 1 · References 4 · Affected Software 1

OpenVAS
added 2025/05/19 12:0 a.m. · 11 views

Mageia: Security Advisory (MGASA-2025-0158)

The remote host is missing an update for the...

CVSS 4.5 · AI score 4.9 · EPSS 0.00195
Exploits 0 · References 4

Oracle linux
added 2025/04/22 12:0 a.m. · 29 views

ruby:3.1 security update

ruby
3.1.7-145
- Upgrade to Ruby 3.1.7. Resolves: RHEL-55408
- Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-57051
- Fix DoS vulnerability in REXML. CVE-2024-43398 Resolves: RHEL-56002
3.1.5-144
- Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520
3.1.5-143
- Upgra...

CVSS 7.5 · AI score 8.5 · EPSS 0.87662
Exploits 45

Positive Technologies
added 2025/04/01 12:0 a.m. · 2 views

PT-2025-18652 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the CloudSrvUserdataVersionCheck function, allowing attackers to execute arbitrary commands via a crafted request. This is possible through the...

CVSS 6.5 · AI score 7.8 · EPSS 0.09962
Exploits 1 · References 5

Tenable Nessus
added 2025/03/20 12:0 a.m. · 6 views

Azure Linux 3.0 Security Update: python-virtualenv (CVE-2024-53899)

The version of python-virtualenv installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...

CVSS 8.4 · AI score 7.3 · EPSS 0.00226
Exploits 1 · References 2

CVE
added 2025/03/13 5:56 a.m. · 171 views

CVE-2024-8402

CVE-2024-8402 affects GitLab EE/CE, with input validation in the Google Cloud IAM integration allowing a Maintainer to inject malicious code in versions: 17.2–17.7.7, 17.8–17.8.5, and 17.9–17.9.2. Affected product: GitLab EE (and CE per sources) before the fixed releases. Root cause: input valida...

CVSS 7.4 · AI score 3.8 · EPSS 0.00091
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2025/02/05 12:0 a.m. · 1 views

PT-2025-5724 · Kemp · Loadmaster

Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.48.12 and earlier; LoadMaster versions 7.2.49.0 through 7.2.54.12; LoadMaster versions 7.2.55.0 through 7.2.60.1; ECS versions prior to 7.2.60.1. Description: The issue is related to improper input validation, allowing OS...

CVSS 8.4 · AI score 9.2 · EPSS 0.00604
Exploits 0 · References 12

Tenable Nessus
added 2024/06/03 12:0 a.m. · 26 views

RHEL 6 : python-pillow (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pillow, python-imaging: command injection issue CVE-2014-3007 - python-pillow: Missing check for...

CVSS 7.8 · AI score 7.7 · EPSS 0.03547
Exploits 2 · References 9

Positive Technologies
added 2023/02/21 12:0 a.m. · 2 views

PT-2023-19462 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOLink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was discovered. Recommendations: For TOTOLink A7100RU version 7.4cu.2313 B20191024, at the moment, there is no information about a newer version that contain...

CVSS 9.8 · AI score 9.7 · EPSS 0.02394
Exploits 0 · References 3

Positive Technologies
added 2023/02/14 12:0 a.m. · 1 views

PT-2023-19448 · Totolink · Totolink Ca300-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: A command injection issue was found via the admuser parameter in the setPasswordCfg function. This allows for potential command injection attacks. Recommendations: For TOTOLINK CA300-PoE versio...

CVSS 9.8 · AI score 9.7 · EPSS 0.14899
Exploits 1 · References 3

Positive Technologies
added 2022/10/27 12:0 a.m. · 2 views

PT-2022-26875 · Ip Com · Ip-Com Ew9

Name of the Vulnerable Software and Affected Versions: IP-COM EW9 version 15.11.0.149732 Description: A command injection issue was found in the formSetDebugCfg function, which could potentially be exploited. Recommendations: For IP-COM EW9 version 15.11.0.149732, as a temporary workaround,...

CVSS 9.8 · AI score 9.7 · EPSS 0.11787
Exploits 1 · References 2

Positive Technologies
added 2022/10/25 12:0 a.m. · 1 views

PT-2022-18600 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A command injection issue exists in the web interface's util set abode code functionality, allowing arbitrary command execution via a specially-crafted HTTP...

CVSS 9.8 · AI score 8.1 · EPSS 0.01655
Exploits 1 · References 2

CNVD
added 2022/03/14 12:0 a.m. · 8 views

CasaOS Command Injection Vulnerability

CasaOS is a simple, easy-to-use and elegant open source home cloud system. A command injection vulnerability exists in CasaOS versions prior to 0.2.7. The vulnerability stems from the failure of a networked system or product to properly filter special characters, commands, etc. from a user's inpu...

CVSS 9.8 · AI score 7.1 · EPSS 0.19336
Exploits 1 · References 1

ThreatPost
added 2021/06/22 6:7 p.m. · 61 views

Email Bug Allows Message Snooping, Credential Theft

Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...

CVSS 5.8 · AI score 6.7 · EPSS 0.05864
Exploits 0 · References 11

NVD
added 2021/01/08 6:15 p.m. · 5 views

CVE-2020-17503

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in splitcardcmd.php in which the http parameter "lockin...

CVSS 7.2 · AI score 7.5 · EPSS 0.04662
Exploits 0 · References 3

Positive Technologies
added 2020/07/16 12:0 a.m. · 2 views

PT-2020-6831 · Unknown +5 · Cifs-Utils +5

Name of the Vulnerable Software and Affected Versions: cifs-utils affected versions not specified Description: The issue is related to the mount.cifs command in cifs-utils, which invokes a shell when requesting the Samba password. This could allow an attacker to inject arbitrary commands,...

CVSS 10 · AI score 7.1 · EPSS 0.8905
Exploits 47 · References 83

Prion
added 2018/06/02 1:29 a.m. · 10 views

Command injection

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46)...

CVSS 6.5 · AI score 9.3 · EPSS 0.07271
Exploits 2 · References 3 · Affected Software 1

Tenable Nessus
added 2014/06/13 12:0 a.m. · 28 views

openSUSE Security Update : inn (openSUSE-SU-2012:1171-1)

Fix starttls command injection issue (CVE-2012-3523, bnc776967); handle /var/run on tmpfs (bnc778439). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-600. The text description of...

CVSS 6.8 · AI score 5.4 · EPSS 0.18812
Exploits 0 · References 5