Lucene search
K

71111 matches found

Nuclei
Nuclei
added yesterday91 views

Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection

Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this...

9.8CVSS7.4AI score0.64832EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday246 views

Node.js Embedded JavaScript 3.1.6 - Template Injection

Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settingsview optionsoutputFunctionName, which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. id:...

9.8CVSS6.9AI score0.32386EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday35 views

Yachtcontrol Webapplication 1.0 - Remote Command Injection

Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...

10CVSS7.2AI score0.58879EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday62 views

Barco/AWIND OEM Presentation Platform - Remote Command Injection

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS7.4AI score0.98952EPSS
Exploits10References5
Nuclei
Nuclei
added yesterday24 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.29451EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday10 views

APsystems ECU-R Firmware - Command Injection

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. id: CVE-2022-45699 info: name: APsystems ECU-R Firmware - Command Injection author: pussycat0x severity:...

9.8CVSS7.6AI score0.76604EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday67 views

F5 BIG-IP Appliance Mode - Command Injection

When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. id: CVE-2022-41800 info: name: F5 BIG-IP Appliance Mode - Command Injection author: dwisiswant0 severity: high description...

9.8CVSS7.6AI score0.99956EPSS
Exploits70References5
Nuclei
Nuclei
added yesterday46 views

TotoLink Router setMacFilterRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. id: CVE-2024-24328 info: name: TotoLink Router setMacFilterRules - Command Injection author: pussycat0x severity: critical description: |...

9.8CVSS7.3AI score0.06172EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday23 views

Kemp LoadMaster Load Balancer - Unauthenticated Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above. ECS: All versions.Multi-Tenancy: 7.1.35.4 and above. id: CVE-2024-7591 info: name: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection autho...

10CVSS7.5AI score0.44069EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday27 views

TotoLink Router setPortForwardRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. id: CVE-2024-24329 info: name: TotoLink Router setPortForwardRules - Command Injection author: pussycat0x severity: critical description...

9.8CVSS7.3AI score0.06172EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday82 views

Linksys RE7000 - Command Injection

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point id: CVE-2024-25852 info: name: Linksys RE7000 - Command Injection author: s4e-io severity: high description: | Linksys RE7000 v2.0.9, v2.0.1...

8.8CVSS7.5AI score0.16519EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday34 views

Fujian Kelixin Communication - Command Injection

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwdupdate.php. id: CVE-2024-2621 info: name: Fujian Kelixin Communication - Command...

9.8CVSS6.4AI score0.0194EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday23 views

CyberPanel - Command Injection

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters. id: CVE-2024-51568 info: name: CyberPanel - Comman...

10CVSS7.9AI score0.45682EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday109 views

reNgine 2.2.0 - Command Injection

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput. id: CVE-2023-50094 info: name: reNgine 2.2.0 - Command Injection...

8.8CVSS7.3AI score0.1354EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday31 views

TerraMaster TOS <.1.29 - Remote Code Execution

TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. id:...

10CVSS7.3AI score0.28495EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday26 views

Enigma NMS < 65.0.0 - Authenticated OS Command Injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...

10CVSS7.7AI score0.25279EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday27 views

Pandora FMS 7.0NG - Remote Command Injection

Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...

9CVSS7.5AI score0.50615EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday56 views

TOTOLink - Unauthenticated Command Injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...

9.8CVSS7.6AI score0.25889EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday21 views

SRS - Command Injection

SRS's v5.0.137v5.0.156, v6.0.18v6.0.47 api-server server is vulnerable to a drive-by command injection. id: CVE-2023-34105 info: name: SRS - Command Injection author: iamnoooob,rootxharsh,pdresearch severity: high description: | SRS's v5.0.137v5.0.156, v6.0.18v6.0.47 api-server server is vulnerab...

7.5CVSS7.1AI score0.0876EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday395 views

LearnPress < 4.2.5.8 - Remote Code Execution

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

9.8CVSS7.5AI score0.08544EPSS
Exploits1References5
Rows per page
Query Builder