15286 matches found
Metabase Security Vulnerability
Metabase is an open source data analytics platform from the US-based Metabase Inc. A security vulnerability exists in Metabase versions prior to 0.46.6.1 and Metabase Enterprise versions prior to 1.46.6.1, which stems from a vulnerability that allows an attacker to execute arbitrary commands on a...
The vulnerability of the D-Link DSL-G256DG router’s firmware, related to deficiencies in authentication procedures, allows attackers to execute arbitrary commands.
The vulnerability of the D-Link DSL-G256DG router’s firmware is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Free Time WiFi Hotspot function in the firmware of Zyxel USG FLEX and VPN networking devices allows an intruder to execute arbitrary commands.
The vulnerability of the Free Time WiFi Hotspot function in the firmware of Zyxel USG FLEX and VPN networking devices relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability of the software file loading function in OMICARD EDM ITPison allows a perpetrator to execute arbitrary commands.
The vulnerability of the software file loading function in OMICARD EDM ITPison involves unlimited loading of dangerous types of files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2023-8781 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue is related to an insufficient comparison in the SolarWinds Platform, which is a software for network monitoring and IT infrastructure management. This allows a remote...
Vulnerabilities fixed in Zyxel products
Zyxel has fixed vulnerabilities in the firmware of several USG, ATP and VPN products. An unauthenticated malicious person can exploit the vulnerabilities from the LAN side to cause a denial-of-service, or to execute commands on the underlying operating system. As far as is known,...
The vulnerability of the 1Panel Linux server’s control panel, related to the failure to eliminate special elements used in the operating system commands, allows a hacker to execute arbitrary commands.
The vulnerability of the 1Panel Linux server’s control panel is related to the lack of measures taken to neutralize special elements used in the operating system when adding container repositories. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the D-Link DIR-823G router firmware, related to the failure to take measures to neutralize special elements, allows a hacker to execute arbitrary commands.
The vulnerability of the D-Link DIR-823G router firmware is related to the lack of measures taken to neutralize special elements during the processing of the EXCUSHELL header. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially...
CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager VIOM before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...
Veritas Technologies Infoscale Operations Manager Code Issue Vulnerability
Veritas Technologies Infoscale Operations Manager is a suite of software from Veritas Technologies, Inc. that is used to manage the entire InfoScale deployment. The software provides multi-cluster management, customized interfaces and centralized audit logging. A security vulnerability exists in...
PT-2023-26408 · Veritas · Veritas Infoscale Operations Manager
Name of the Vulnerable Software and Affected Versions: Veritas InfoScale Operations Manager VIOM versions prior to 8.0.0.410 Description: The issue allows an authenticated attacker to upload all types of files to the server, which can then be executed to perform command execution on the remote...
Apache RocketMQ Code Injection Vulnerability
Apache RocketMQ is a lightweight data processing platform and messaging engine from the Apache Foundation in the United States. Apache RocketMQ suffers from a code injection vulnerability that originates from an extranet leak of the NameServer address and lack of privilege authentication, which can...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
CVE-2023-37567
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A...
CVE-2023-37568
CVE-2023-37568 affects ELECOM wireless LAN routers WRC-1167GHBK-S (v1.03 and earlier) and WRC-1167GEBK-S (v1.03 and earlier). The vulnerability is a command injection via the router’s web management page that allows a network-adjacent, authenticated attacker to execute arbitrary commands. Exploit...
The vulnerability in the web interface of the ArubaOS operating system allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the ArubaOS operating system’s web management interface is related to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary...
The vulnerability of the Synology Router Manager operating system allows a hacker to execute arbitrary commands.
The vulnerability of the Synology Router Manager operating system exists because measures to neutralize special elements used in the operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...