CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

276 matches found

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

8.8CVSS8.2AI score0.93236EPSS

Exploits7References3

Nuclei•added yesterday•12 views

Zeroshell 3.9.3 - Command Injection

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. id: CVE-2020-29390 info: name: Zeroshell 3.9.3 - Command...

10CVSS7.9AI score0.90592EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 12:34 p.m.•9 views

CVE-2023-45239

A lack of input validation exists in tacplus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tacplus to inject shell commands and gain remote code execution on the tacplus server...

9.8CVSS7.9AI score0.28689EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:12 p.m.•4 views

CVE-2018-18753

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...

10CVSS7.4AI score0.02464EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:6 a.m.•4 views

CVE-2024-34352

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

7.5CVSS6.9AI score0.0219EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:13 a.m.•8 views

CVE-2024-2853

A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The...

9.8CVSS7.4AI score0.0141EPSS

Exploits1References1