Lucene search
K

45249 matches found

Nuclei
Nuclei
added 10 hours ago59 views

WAVLINK WN579X3 - Remote Command Execution

Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. id: CVE-2023-3380 info: name: WAVLINK WN579X3 - Remote Command Execution author: pussycat0x severity: critical description: | Remote Command Execution vulnerability in WAVLINK WN579X3 route...

9.8CVSS6.4AI score0.0388EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago132 views

FOG Project < 1.5.10.34 - Remote Command Execution

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. id: CVE-2024-39914 info: name: FOG Project 1.5.10.34 - Remote...

9.8CVSS6.1AI score0.23414EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago174 views

Telesquare TLR-2005KSH - Remote Command Execution

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through...

8.8CVSS6.4AI score0.05848EPSS
Exploits8References5
Nuclei
Nuclei
added 10 hours ago49 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the traceroute function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic...

10CVSS7.1AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago21 views

NUUO Camera <=20250203 - OS Command Injection

NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handleconfig.php, letting remote attackers execute arbitrary commands, exploit requires remote access. id: CVE-2025-1338 info: name: NUUO Camera =20250203 - OS Command Injection author: Ark...

7.5CVSS7.2AI score0.51881EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago40 views

JEHC-BPM - Remote Code Execute

A Remote Command Execution vulnerability in the component /server/executeExec of JEHC-BPM = v2.0.1 allows attackers to execute arbitrary code. The vulnerability exists due to insufficient authorization checks in the executeExec endpoint which allows direct command execution. id: CVE-2025-45854...

10CVSS6.3AI score0.02685EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago48 views

DocsGPT - Unauthenticated Remote Code Execution

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...

9.3CVSS7.2AI score0.15099EPSS
Exploits3References3
Nuclei
Nuclei
added 10 hours ago54 views

Motorola Baby Monitors - Remote Command Execution

Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-3577 info: name: Motorola Baby Monitors - Remote Command Execution author: gy741 severity: high...

8.8CVSS7.1AI score0.59893EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago137 views

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...

9.8CVSS7.2AI score0.03817EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago87 views

D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

8.8CVSS7.1AI score0.09997EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 11 hours ago7 views

CVE-2026-15669

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS5.7AI score
Exploits0References8Affected Software1
Cvelist
Cvelist
added yesterday26 views

CVE-2026-61498 Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via gen_graphs.php

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-60121

CVE-2026-60121 affects Vitec Flamingo 4.12.2. An unauthenticated OS command injection exists in admin/ajax/ping.php due to a double-evaluation flaw in shell argument handling: user-supplied host POST parameter is escaped with escapeshellarg() for a system wrapper, but the decoded value is taken f...

9.8CVSS6.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-59856

A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remo...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References5
NVD
NVD
added yesterday4 views

CVE-2026-22100

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root...

8.6CVSS0.01036EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-22100 Comnand injection in OCPP ReserveLogin message

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root...

8.6CVSS0.01036EPSS
Exploits0References1
Veracode
Veracode
added yesterday4 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
Nuclei
Nuclei
added yesterday43 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS7.3AI score0.99323EPSS
Exploits23References5
Nuclei
Nuclei
added yesterday120 views

TOTOLINK Realtek SD Routers - Remote Command Injection

TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...

9CVSS7.2AI score0.25135EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday291 views

Apache HugeGraph-Server - Remote Command Execution

Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution RC...

9.8CVSS7.2AI score0.9921EPSS
Exploits11References6
Rows per page
Query Builder