19630 matches found
CVE-2026-10303
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...
CVE-2026-10303
CVE-2026-10303 affects ServerCo getssl up to version 2.49. The ACME challenge token returned to clients was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attac...
Node.JS System Information Library <5.3.1 - Remote Command Injection
Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...
Jenkins - Remote Command Injection
Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...
Barco/AWIND OEM Presentation Platform - Remote Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...
Oracle WebLogic Server - Remote Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...
Webmin <= 1.920 - Unauthenticated Remote Command Execution
Webmin =1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in passwordchange.cgi. id: CVE-2019-15107 info: name: Webmin = 1.920 - Unauthenticated Remote Command Execution author: bp0lr severity: critical description: Webmin =1.920. is vulnerable to an...
Apache Spark UI - Remote Command Injection
Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...
ManageEngine - Remote Command Execution
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...
vBulletin 5.0.0-5.5.4 - Remote Command Execution
vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widgetphp routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system...
LinuxKI Toolset <= 6.01 - Remote Command Execution
LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. id: CVE-2020-7209 info: name: LinuxKI Toolset = 6.01 - Remote Command Execution author: dwisiswant0 severity: critical description: LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. impact: | Successful...
F5 iControl REST - Remote Command Execution
F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...
Cisco HyperFlex HX Data Platform - Remote Command Execution
Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...
Oracle Weblogic Server - Remote Command Execution
Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. id: CVE-2020-14882 info: name: Oracle Weblogic Server - Remote Command Execution author: dwisiswant0 severity:...
Atlassian Bitbucket - Remote Command Injection
Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...
CVE-2026-12161
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...
PT-2026-49822
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...
EUVD-2026-36730
Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...
CVE-2026-12219
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
EUVD-2026-36692
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...