514 matches found

NVD
added 2025/05/01 6:15 p.m., 10 views

CVE-2025-44860

TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5, EPSS 0.00903
Exploits: 1, References: 1

Cvelist
added 2025/05/01 12:0 a.m., 12 views

CVE-2025-44846

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

EPSS 0.00884
Exploits: 1, References: 1

RedhatCVE
added 2025/04/25 11:41 p.m., 6 views

CVE-2025-20178

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...

CVSS 7.2, AI score 7.7, EPSS 0.00327
Exploits: 0, References: 1

Vulnrichment
added 2025/04/16 12:0 a.m., 7 views

CVE-2024-55372

Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

AI score 9.8, EPSS 0.00507
Exploits: 1, References: 1

RedhatCVE
added 2025/04/04 6:32 a.m., 7 views

CVE-2025-0415

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for...

CVSS 9.2, AI score 8.1, EPSS 0.00511
Exploits: 0, References: 1

Cvelist
added 2025/02/11 12:0 a.m., 22 views

CVE-2025-25524

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...

EPSS 0.00163
Exploits: 0, References: 1

Tenable Nessus
added 2025/02/07 12:0 a.m., 5 views

Cisco Secure Email Gateway Privilege Escalation (cisco-sa-esa-sma-wsa-multi-yKUJhS34)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance coul...

CVSS 6.7, AI score 5.9, EPSS 0.00171
Exploits: 0, References: 3

Tenable Nessus
added 2024/12/04 12:0 a.m., 7 views

Cisco NX-OS Command Injection (CVE-2017-12339)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

CVSS 5.7, AI score 6.2, EPSS 0.007
Exploits: 0, References: 7

CVE
added 2024/11/01 12:0 a.m., 56 views

CVE-2024-51247

Affects DrayTek Vigor3900 firmware, version 1.5.1.3. The vulnerability arises from lack of neutralization of special elements in the operating system command used by the doPPPo function in the mainfunction.cgi script, enabling a remote attacker to inject and execute arbitrary commands. Documented...

CVSS 8.8, AI score 7.8, EPSS 0.00777
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/11/01 12:0 a.m., 52 views

CVE-2024-51248

The CVE-2024-51248 entry affects DrayTek Vigor3900 firmware (version 1.5.1.3). The root cause is lack of proper neutralization in the modifyrow function within mainfunction.cgi, enabling an attacker to inject commands and execute arbitrary code. Exploitation details are described across multiple ...

CVSS 8.8, AI score 7.8, EPSS 0.00777
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/10/30 12:0 a.m., 12 views

CVE-2024-51257

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...

AI score 7.7, EPSS 0.00375
Exploits: 0, References: 1

RedhatCVE
added 2024/10/18 5:10 p.m., 17 views

CVE-2024-27766

Disputed. A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

CVSS 5.5, AI score 6, EPSS 0.01186
Exploits: 2, References: 4

CVE
added 2024/10/16 4:16 p.m., 59 views

CVE-2024-20459

The CVE-2024-20459 entry applies to Cisco ATA 190 Multiplatform Series analog telephone adapters. The issue stems from a lack of input sanitization in the web-based management interface, enabling an authenticated, high-privilege attacker to execute arbitrary commands on the underlying OS as root ...

CVSS 7.2, AI score 7, EPSS 0.00682
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/08/13 12:0 a.m., 55 views

CVE-2024-42737

The CVE-2024-42737 vulnerability affects TOTOLINK X5000r (version 9.1.0cu.2350_b20230313) where the CGI endpoint /cgi-bin/cstecgi.cgi contains an OS command injection in the delBlacklist function. An attacker can send a malicious packet to execute arbitrary commands on the affected device. The is...

CVSS 9.8, AI score 8.3, EPSS 0.01677
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/08/07 4:46 p.m., 22 views

CVE-2024-20450

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...

CVSS 9.8, AI score 8.6, EPSS 0.07225
Exploits: 0, References: 1

NVD
added 2024/07/17 5:15 p.m., 30 views

CVE-2024-20296

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

CVSS 7.2, EPSS 0.00471
Exploits: 0, References: 1

CNNVD
added 2024/07/12 12:0 a.m., 1 views

SeaCMS Security Vulnerability

SeaCMS is an open source content management system based on PHP+MySql technology. A security vulnerability exists in the SeaCMS adminweixin.php processing parameter, which can be exploited by an authenticated remote attacker to submit a special request that can be used to execute arbitrary comman...

CVSS 8.8, AI score 7.4, EPSS 0.01165
Exploits: 1, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 7 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The...

CVSS 9.8, AI score 8.8, EPSS 0.06331
Exploits: 1, References: 4

CVE
added 2024/05/16 4:32 p.m., 114 views

CVE-2024-27260

CVE-2024-27260: IBM AIX and VIOS are affected by a vulnerability in the invscout command that could allow a non-privileged local user to execute arbitrary commands. Affected products/versions: AIX 7.2 and 7.3; VIOS 3.1 and 4.1 (invscout.rte 2.2.0.0–2.2.0.26). Root cause is the invscout component...

CVSS 8.4, AI score 7, EPSS 0.0023
Exploits: 0, References: 2, Affected Software: 2

OpenVAS
added 2024/05/15 12:0 a.m., 38 views

Microsoft Windows Multiple Vulnerabilities (KB5037788)

This host is missing a critical security update according to Microsoft KB5037788...

CVSS 8.8, AI score 7.1, EPSS 0.11471
Exploits: 4, References: 3