Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

285 matches found

Vulnrichment
Vulnrichmentadded 5 days ago6 views

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.4AI score0.01988EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/06/05 7:31 p.m.6 views

CVE-2025-13605

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS5.8AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:28 p.m.7 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.5AI score0.00141EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 12:30 p.m.11 views

EUVD-2026-32860

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
CVE
CVEadded 2026/05/28 9:2 a.m.15 views

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

6CVSS5.8AI score0.00141EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:2 a.m.9 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 9:2 a.m.5 views

CVE-2026-4377 Use of Weak Credentials in D-Link DWR-X1820 router

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.6 views

PT-2026-44226

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
CVE
CVEadded 2026/05/08 2:21 p.m.12 views

CVE-2026-43410

Summary: CVE-2026-43410 affects the Linux kernel firmware driver for Stratix 10 RSU. When RSU is not enabled in the FSBL, the driver can NULL-dereference via svc_normal_to_secure_thread(), causing a kernel panic. The root cause is rsu_send_async_msg() freeing the channel on failure, while the pro...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/08 2:21 p.m.3 views

CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

5.8AI score0.00116EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/04 2:52 p.m.22 views

CVE-2025-13605

The CVE-2025-13605 vulnerability affects the 3onedata GW1101-1D(RS-485)-TB-P Modbus gateway (hardware version V2.2.0). An authenticated user can execute arbitrary shell commands with root privileges by supplying a payload in the IP address field of the diagnosis test tools. This issue has a CVSSv...

9.3CVSS6AI score0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/04 2:52 p.m.6 views

CVE-2025-13605

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS6AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/04 2:52 p.m.43 views

CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/08 7:27 p.m.2 views

CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

9.8CVSS6.7AI score0.06165EPSS
Exploits1References1
EUVD
EUVDadded 2026/04/07 3:30 p.m.2 views

EUVD-2021-34776

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

9.8CVSS6.7AI score0.06165EPSS
Exploits1References6
CVE
CVEadded 2026/04/07 12:50 p.m.11 views

CVE-2021-4473

CVE-2021-4473 affects the Tianxin Internet Behavior Management System. A command-injection flaw exists in the Reporter component endpoint, allowing unauthenticated attackers to supply an objClass parameter containing shell metacharacters and output redirection to execute arbitrary commands. This ...

9.8CVSS6.7AI score0.06165EPSS
In wildExploits1References5Affected Software1
Cvelist
Cvelistadded 2026/04/07 12:50 p.m.21 views

CVE-2021-4473 Tianxin Internet Behavior Management System Command Injection via toQuery.php

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

9.8CVSS0.06165EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/04/07 12:50 p.m.2 views

CVE-2021-4473 Tianxin Internet Behavior Management System Command Injection via toQuery.php

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

9.8CVSS6.7AI score0.06165EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEVadded 2026/04/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

9.8CVSS6.7AI score0.06165EPSS
In wildExploits1References3
EUVD
EUVDadded 2026/03/20 6:31 p.m.4 views

EUVD-2025-208895

An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the...

4.2CVSS5.8AI score0.00281EPSS
Exploits0References2
Rows per page
Query Builder