Lucene search
K

388306 matches found

Nuclei
Nuclei
added 9 hours ago76 views

Kemp LoadMaster Load Balancer - Unauthenticated Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above. ECS: All versions.Multi-Tenancy: 7.1.35.4 and above. id: CVE-2024-7591 info: name: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection autho...

10CVSS7.3AI score0.44069EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago25 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.02073EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago123 views

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...

9.8CVSS7.4AI score0.03848EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago29 views

Chaosblade < 1.7.4 - Remote Code Execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...

8.6CVSS6.1AI score0.01669EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago21 views

SRS - Command Injection

SRS's v5.0.137v5.0.156, v6.0.18v6.0.47 api-server server is vulnerable to a drive-by command injection. id: CVE-2023-34105 info: name: SRS - Command Injection author: iamnoooob,rootxharsh,pdresearch severity: high description: | SRS's v5.0.137v5.0.156, v6.0.18v6.0.47 api-server server is vulnerab...

7.5CVSS7.1AI score0.0876EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago112 views

Linksys RE7000 - Command Injection

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point id: CVE-2024-25852 info: name: Linksys RE7000 - Command Injection author: s4e-io severity: high description: | Linksys RE7000 v2.0.9, v2.0.1...

8.8CVSS7.3AI score0.16519EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago73 views

YeaLink DM 3.6.0.20 - Remote Command Injection

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...

10CVSS7.4AI score0.82516EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago206 views

Simple Employee Records System 1.0 - Unrestricted File Upload

Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution. id: CVE-2019-20183 info: name: Simple Employee Record...

7.2CVSS7.2AI score0.07625EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago26 views

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...

6.1CVSS6.3AI score0.0294EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago59 views

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

10CVSS8AI score0.21842EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago64 views

Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution

Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...

9.8CVSS7.5AI score0.93019EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago37 views

Akkadian Provisioning Manager - Information Disclosure

Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped. id: CVE-2021-31581 info: name: Akkadian Provisionin...

7.9CVSS5.9AI score0.01217EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago40 views

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

9CVSS7.5AI score0.58742EPSS
Exploits6References5
Nuclei
Nuclei
added 9 hours ago68 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

9CVSS7.5AI score0.71536EPSS
Exploits7References5
Nuclei
Nuclei
added 9 hours ago128 views

Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun

Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloudcontrol.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a...

8.8CVSS7.4AI score0.0853EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago73 views

MAGMI - Cross-Site Request Forgery

MAGMI Magento Mass Importer is vulnerable to cross-site request forgery CSRF due to a lack of CSRF tokens. Remote code execution via phpcli command is also possible in the event that CSRF is leveraged against an existing admin session. id: CVE-2020-5776 info: name: MAGMI - Cross-Site Request...

8.8CVSS7.5AI score0.14725EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago61 views

Nagios XI 5.7.5 - Cross-Site Scripting

Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with th...

6.1CVSS6.8AI score0.97714EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago70 views

exacqVision Web Service - Remote Code Execution

exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker wi...

9CVSS7.7AI score0.0777EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago69 views

Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command. id: CVE-2021-20158 info: name: Trendnet AC2600 TEW-827DRU 2.08B01 - Admin...

9.8CVSS6.8AI score0.4006EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago13 views

Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE

Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...

9.9CVSS6.1AI score0.03464EPSS
Exploits1References4
Rows per page
Query Builder