CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

155 matches found

ATTACKERKB•added 2026/01/23 4:47 p.m.•2 views

CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

8.8CVSS6.5AI score0.00348EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/01/23 12:0 a.m.•3 views

PT-2026-4516

Name of the Vulnerable Software and Affected Versions LiteSpeed Web Server Enterprise version 5.4.11 Description LiteSpeed Web Server Enterprise version 5.4.11 has an issue where a user with administrative privileges can inject commands into the system. This occurs through the 'Command' parameter...

8.8CVSS6AI score0.00348EPSS

Exploits0References6

CNNVD•added 2026/01/19 12:0 a.m.•2 views

TOTOLINK LR350 Command Injection Vulnerability

TOTOLINK LR350 is a wireless router produced by TOTOLINK Corporation. The TOTOLINK LR350 9.3.5u.6369B20220309 version contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter “command” in the file /cgi-bin/cstecgi.cgi, which may lead to comman...

8.8CVSS6.6AI score0.01832EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 10:50 a.m.•6 views

CVE-2022-37081

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg...

7.8CVSS8AI score0.01274EPSS

Exploits1References1

EUVD•added 2025/12/31 9:30 p.m.•3 views

EUVD-2025-206087

meterN 1.2.3 contains an authenticated remote code execution vulnerability in adminmeter2.php and adminindicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...

8.8CVSS8.1AI score0.00217EPSS

Exploits1References6

NVD•added 2025/12/31 7:15 p.m.•3 views

CVE-2021-47747

8.8CVSS0.00217EPSS

Exploits1References4

Vulnrichment•added 2025/12/30 10:41 p.m.•1 views

CVE-2022-50691 MiniDVBLinux 5.4 Remote Root Command Execution via commands.sh

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

9.8CVSS8AI score0.00457EPSS

Exploits3References3

Positive Technologies•added 2025/12/30 12:0 a.m.•3 views

PT-2025-54230

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 contains a remote command execution issue that allows unauthenticated attackers to execute arbitrary commands as root. The issue is due to a flaw in the handling of the command GET...

9.8CVSS7.8AI score0.00457EPSS

Exploits3References9

Vulnrichment•added 2025/12/12 7:57 p.m.•1 views

CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8CVSS8.7AI score0.00226EPSS

Exploits0References3

EUVD•added 2025/12/12 12:30 a.m.•2 views

EUVD-2024-55323

reNgine 2.2.0 contains a command injection vulnerability in the nmapcmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmapcmd parameter with malicious base64-encoded payloads to achieve remote code execution duri...

8.7CVSS8.4AI score0.01259EPSS

Exploits1References5

Positive Technologies•added 2025/12/12 12:0 a.m.•2 views

PT-2025-50974

Name of the Vulnerable Software and Affected Versions Atcom 100M IP Phones versions 2.7.x.x Description The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...

8.8CVSS8.6AI score0.00226EPSS

Exploits0References6

OSV•added 2025/12/11 10:15 p.m.•0 views

CVE-2024-58287

8.8CVSS6.8AI score

Exploits0References4

Vulnrichment•added 2025/12/11 9:33 p.m.•1 views

CVE-2024-58287 reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

8.7CVSS8.5AI score0.01259EPSS

Exploits1References4

OSV•added 2025/12/04 8:16 p.m.•1 views

CVE-2025-29269

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint...

9.8CVSS5.8AI score

Exploits0References3

CNNVD•added 2025/10/27 12:0 a.m.•1 views

D-Link DI-7001 MINI 命令注入漏洞

The D-Link DI-7001 MINI is a multi-functional intelligent gateway from China AUO D-Link. A command injection vulnerability exists in the D-Link DI-7001 MINI version 19.09.19A1 and version 24.04.18B1, which stems from incorrect manipulation of the parameter cmd in the file /mspinfo.htm, which coul...

9.8CVSS6.8AI score0.00088EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-7172

Malware in sbrugna...

4.3CVSS6.4AI score0.0103EPSS

Exploits1References10

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2010-5304

Malware in sbrugna...

9.3CVSS6.4AI score0.48631EPSS

Exploits0References9