Lucene search
K

14 matches found

NVD
NVD
added 2026/05/27 8:16 p.m.29 views

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8CVSS0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:15 p.m.50 views

CVE-2026-44887 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...

9.8CVSS0.00545EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:14 p.m.48 views

CVE-2026-44888 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Interger)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8CVSS0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 3:16 p.m.8 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS0.22189EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.6 views

CVE-2026-25643

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

9.1CVSS5.5AI score0.02874EPSS
Exploits8References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-21686

Malware in sbrugna...

10CVSS9.2AI score0.06291EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.38 views

EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-3398)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,...

7.8CVSS7AI score0.52164EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.6 views

PT-2023-5230 · Ge · Ge Cimpicity

Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...

7.8CVSS7.5AI score0.00183EPSS
Exploits0References13
OSV
OSV
added 2022/04/14 4:15 p.m.3 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

7CVSS6.7AI score0.00518EPSS
Exploits1References2
NVD
NVD
added 2021/09/07 8:15 p.m.63 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS0.0282EPSS
Exploits1References2
OSV
OSV
added 2021/09/07 8:15 p.m.2 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS5.9AI score0.0282EPSS
Exploits1References2
OSV
OSV
added 2020/12/10 11:15 p.m.4 views

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

9.8CVSS7.4AI score0.06291EPSS
Exploits1References3
NVD
NVD
added 2020/12/10 11:15 p.m.16 views

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

10CVSS9.8AI score0.06291EPSS
Exploits1References3
Prion
Prion
added 2020/12/10 11:15 p.m.13 views

Command injection

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

10CVSS9.7AI score0.06291EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder