CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

102 matches found

RedhatCVE•added 2026/01/09 8:57 a.m.•2 views

CVE-2023-4473

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...

9.8CVSS8AI score0.3292EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:57 a.m.•5 views

CVE-2023-4474

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...

9.8CVSS7.6AI score0.13405EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-26950

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.05683EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-47455

Malicious code in bioql PyPI...

9.8CVSS8.8AI score0.066EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-26949

Malicious code in bioql PyPI...

6.7CVSS6.7AI score0.00278EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-41781

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.02145EPSS

Exploits0References2

VulnCheck KEV•added 2025/06/07 12:0 a.m.•0 views

VulnCheck KEV: CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8CVSS5.9AI score0.92261EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 9:15 a.m.•3 views

CVE-2024-29975

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...

6.7CVSS6.9AI score0.00278EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:56 a.m.•6 views

CVE-2024-29976

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...

6.5CVSS6.7AI score0.05683EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:57 a.m.•8 views

CVE-2023-35137

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device...

7.5CVSS7AI score0.00162EPSS

Exploits0

RedhatCVE•added 2025/05/23 3:57 a.m.•5 views

CVE-2023-35138

A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...

9.8CVSS8.1AI score0.09598EPSS

Exploits0

RedhatCVE•added 2025/02/05 8:5 a.m.•1 views

CVE-2024-29972

9.8CVSS8AI score0.92261EPSS

Exploits2References1

RedhatCVE•added 2025/02/05 8:1 a.m.•2 views

CVE-2024-29973

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS7.9AI score0.94034EPSS

Exploits7References1

RedhatCVE•added 2025/02/05 3:10 a.m.•5 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS8.1AI score0.066EPSS

Exploits0References1

GithubExploit•added 2024/10/10 11:48 p.m.•82 views

Exploit for OS Command Injection in Zyxel Nas326_Firmware

CVE-2024-29973 - Remote Command Injection Vulnerability De...

9.8CVSS10AI score0.94034EPSS

Exploits7

The Hacker News•added 2024/09/11 6:30 a.m.•38 views

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 CVSS score: 10.0 - A deserialization of...

10CVSS9.1AI score0.9191EPSS

Exploits4

NVD•added 2024/09/10 2:15 a.m.•17 views

CVE-2024-6342

9.8CVSS0.066EPSS

Exploits0References1

Vulnrichment•added 2024/09/10 1:55 a.m.•14 views

CVE-2024-6342

9.8CVSS8.2AI score0.066EPSS

Exploits0References1

Cvelist•added 2024/09/10 1:55 a.m.•20 views

CVE-2024-6342

9.8CVSS0.066EPSS

Exploits0References1

CVE•added 2024/09/10 1:55 a.m.•91 views

CVE-2024-6342

CVE-2024-6342 affects Zyxel NAS326 and NAS542 devices. The issue lies in the export-cgi program, allowing an unauthenticated attacker to execute OS commands via a crafted HTTP POST request. Affected: NAS326 up to firmware V5.21(AAZF.18)C0 and NAS542 up to V5.21(ABAG.15)C0. Root cause: command inj...

9.8CVSS8.2AI score0.066EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by