Lucene search

54820 matches found

RedhatCVE
added 2025/12/12 1:6 a.m. | 5 views

CVE-2025-56120

OS Command Injection vulnerability in Ruijie X60 PRO X6010212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

8.8 CVSS | 7.9 AI score | 0.02308 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 6 views

CVE-2025-56117

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

8.8 CVSS | 7.9 AI score | 0.02666 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 4 views

CVE-2025-56113

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

8.8 CVSS | 7.9 AI score | 0.01451 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 5 views

CVE-2025-56101

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8 CVSS | 7.9 AI score | 0.02486 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 6 views

CVE-2025-56079

OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8 CVSS | 7.9 AI score | 0.02482 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 7 views

CVE-2025-56095

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

8.8 CVSS | 7.9 AI score | 0.02486 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 6 views

CVE-2025-56085

OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

8.8 CVSS | 7.9 AI score | 0.02554 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 5 views

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

8.8 CVSS | 7.9 AI score | 0.01809 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/12/12 12:30 a.m. | 4 views

EUVD-2025-202933

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

8.6 CVSS | 7.8 AI score | 0.00765 EPSS
Exploits: 1 | References: 7
Positive Technologies
added 2025/12/12 12:0 a.m. | 4 views

PT-2025-50972

Name of the Vulnerable Software and Affected Versions: WonderCMS version 4.3.2. Description: WonderCMS version 4.3.2 contains a cross-site scripting issue that allows attackers to inject malicious JavaScript through the module installation endpoint. An attacker can craft a specially designed XSS...

8.8 CVSS | 5.8 AI score | 0.00366 EPSS
Exploits: 0 | References: 7
CNNVD
added 2025/12/12 12:0 a.m. | 3 views

WonderCMS Cross-Site Scripting Vulnerability

WonderCMS is an open source PHP-based content management system (CMS) from WonderCMS, Inc. A cross-site scripting vulnerability exists in WonderCMS version 4.3.2, which stems from the presence of cross-site scripting in the module installation endpoints, which could lead to the injection of malicio...

8.8 CVSS | 6.4 AI score | 0.00366 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2025/12/12 12:0 a.m. | 4 views

SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:4368-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4368-1 advisory. - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation...

5.5 CVSS | 6.3 AI score | 0.00345 EPSS
Exploits: 0 | References: 7
Oracle linux
added 2025/12/12 12:0 a.m. | 13 views

Unbreakable Enterprise kernel security update

5.4.17-2136.350.3.1
- Reapply 'cpuidle: menu: Avoid discarding useful information' Harshvardhan Jha Orabug: 38744458
- fbcon: fix integer overflow in font allocation Samasth Norway Ananda Orabug: 38744453
5.4.17-2136.350.3
- net/rds: Fix rsrecvpending counting issue Gerd Rausch Orabug: 38506370...

5.5 CVSS | 7.7 AI score | 0.00358 EPSS
Exploits: 3
NVD
added 2025/12/11 10:15 p.m. | 10 views

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

8.8 CVSS | 0.00765 EPSS
Exploits: 1 | References: 6
CVE
added 2025/12/11 9:44 p.m. | 13 views

CVE-2025-34506

WBCE CMS is affected: version 1.6.3 and earlier are vulnerable to authenticated remote code execution via uploading a malicious module. The flaw arises when an administrator can upload a ZIP module containing embedded PHP reverse shell code, enabling remote system access when installed. Exploitat...

8.8 CVSS | 7.9 AI score | 0.00765 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2025/12/11 9:44 p.m. | 26 views

CVE-2025-34506 WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

8.6 CVSS | 0.00765 EPSS
Exploits: 1 | References: 6
Vulnrichment
added 2025/12/11 9:44 p.m. | 3 views

CVE-2025-34506 WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

8.6 CVSS | 7.9 AI score | 0.00765 EPSS
Exploits: 1 | References: 6
CVE
added 2025/12/11 9:39 p.m. | 13 views

CVE-2025-66419

CVE-2025-66419 affects MaxKB: the tool module in versions 2.3.1 and earlier allows an attacker to escape the sandbox and escalate privileges under certain concurrent conditions. Consequences are privilege elevation and potential broader impact within affected deployments. The issue has a fixed re...

10 CVSS | 6.7 AI score | 0.00272 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2025/12/11 9:36 p.m. | 20 views

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

8.7 CVSS | 0.03118 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2025/12/11 9:36 p.m. | 4 views

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

8.7 CVSS | 8.6 AI score | 0.03118 EPSS
Exploits: 1 | References: 4