Lucene search
K

19630 matches found

NVD
NVD
added 2026/06/16 8:16 p.m.7 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 6:24 p.m.15 views

CVE-2026-10303

CVE-2026-10303 affects ServerCo getssl up to version 2.49. The ACME challenge token returned to clients was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attac...

7.4CVSS5.5AI score0.00757EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.58 views

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

7.8CVSS7.5AI score0.9024EPSS
Exploits4References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.433 views

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

10CVSS7.4AI score0.98326EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.57 views

Barco/AWIND OEM Presentation Platform - Remote Command Injection

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS8.5AI score0.98952EPSS
Exploits10References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.226 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

9.8CVSS7.9AI score0.99964EPSS
Exploits35References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.159 views

Webmin <= 1.920 - Unauthenticated Remote Command Execution

Webmin =1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in passwordchange.cgi. id: CVE-2019-15107 info: name: Webmin = 1.920 - Unauthenticated Remote Command Execution author: bp0lr severity: critical description: Webmin =1.920. is vulnerable to an...

10CVSS8.9AI score0.99766EPSS
Exploits37References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.95 views

Apache Spark UI - Remote Command Injection

Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...

8.8CVSS8.5AI score0.92984EPSS
Exploits12References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.122 views

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

9.8CVSS9.4AI score0.99753EPSS
Exploits15References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.40 views

vBulletin 5.0.0-5.5.4 - Remote Command Execution

vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widgetphp routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system...

9.8CVSS9.2AI score0.99728EPSS
Exploits27References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.33 views

LinuxKI Toolset <= 6.01 - Remote Command Execution

LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. id: CVE-2020-7209 info: name: LinuxKI Toolset = 6.01 - Remote Command Execution author: dwisiswant0 severity: critical description: LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. impact: | Successful...

9.8CVSS8.8AI score0.98846EPSS
Exploits10References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.52 views

F5 iControl REST - Remote Command Execution

F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...

10CVSS9AI score0.99898EPSS
Exploits20References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.45 views

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

10CVSS8.5AI score0.99999EPSS
Exploits6References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.56 views

Oracle Weblogic Server - Remote Command Execution

Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. id: CVE-2020-14882 info: name: Oracle Weblogic Server - Remote Command Execution author: dwisiswant0 severity:...

10CVSS8.9AI score0.99997EPSS
Exploits41References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.57 views

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

8.8CVSS9AI score0.99174EPSS
Exploits24References5
NVD
NVD
added 2026/06/16 1:16 a.m.9 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

8.8CVSS0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.7 views

PT-2026-49822

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS5.4AI score0.00757EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/15 3:10 p.m.9 views

EUVD-2026-36730

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.3AI score0.00865EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 a.m.12 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:30 a.m.10 views

EUVD-2026-36692

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
Rows per page
Query Builder