Lucene search
K

19628 matches found

CVE
CVE
added 2026/02/06 4:58 p.m.20 views

CVE-2025-64111

Summary: CVE-2025-64111 affects Gogs prior to 0.13.4 and 0.14.0+dev, where an insufficient patch for CVE-2024-56731 lets an attacker update files in the .git directory via the API router and achieve remote code execution (RCE). Documents confirm the root cause relates to UpdateRepoFile checks inv...

9.8CVSS5.4AI score0.01229EPSS
Exploits3References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/06 2:4 p.m.5 views

Malicious code in gridifies (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5b003711060bdfd51eddae8b2ec6fc00313aee8bb480e9017b5ad5d03dbf567c Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.8AI score
Exploits0References3
NVD
NVD
added 2026/02/06 7:16 a.m.7 views

CVE-2026-2000

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

7.2CVSS0.1424EPSS
Exploits1References4
OSV
OSV
added 2026/02/06 7:16 a.m.4 views

CVE-2026-2000

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

7.2CVSS5.5AI score
Exploits0References4
EUVD
EUVD
added 2026/02/06 6:32 a.m.5 views

EUVD-2026-5693

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

5.8CVSS5AI score0.1424EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/06 6:32 a.m.34 views

CVE-2026-2000 DCN DCME-320 Web Management Backend bridge_cfg.php apply_config command injection

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

5.8CVSS0.1424EPSS
Exploits1References4
CVE
CVE
added 2026/02/06 6:32 a.m.11 views

CVE-2026-2000

CVE-2026-2000 affects DCN DCME-320 Web Management Backend. The vulnerability is in apply_config() handling of the ip_list argument in /function/system/basic/bridge_cfg.php, where manipulation leads to command injection. It is remotely exploitable and exploits have been published. Public reports (...

7.2CVSS5AI score0.1424EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/06 6:32 a.m.5 views

CVE-2026-2000

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

5.8CVSS5.2AI score0.1424EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.6 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7CVSS5.9AI score0.00935EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.6 views

PT-2026-6760

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X version 250416 that allows for operating system command injection. This is due to a manipulation possibility within the sub 424D20 function of the /goform/set ipv6...

5.8CVSS5.4AI score0.0391EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6784

Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.4 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A critical Remote Command Execution RCE issue exists in the Frigate integration with go2rtc. The...

9.1CVSS5.7AI score0.02874EPSS
Exploits8References10
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6775

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security flaw exists in the D-Link DIR-823X version 250416. The issue is located in the Web Management Interface, specifically within the file /goform/set ac server. Manipulation of the ac server...

5.8CVSS5.4AI score0.04016EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6745

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, a self-hosted Git service, is affected by a critical remote code execution RCE issue. This issue allows attackers to rewrite the .git/config file via an API, potentially...

9.9CVSS6.3AI score0.27661EPSS
Exploits45References121
The Hacker News
The Hacker News
added 2026/02/05 6:16 a.m.19 views

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 CVSS score: 9.4, is the result of inadequate sanitization that bypasse...

9.9CVSS7.9AI score0.97875EPSS
Exploits32
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.8 views

Edimax EW-7438RPn-v3 Mini 操作系统命令注入漏洞

The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini has a vulnerability related to operating system command injection. This vulnerability stems from remote command execution at the /goform/mp endpoint,...

9.8CVSS6.1AI score0.06301EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/04 4:46 p.m.28 views

CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

9.4CVSS0.01196EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.16 views

Maltrail <=0.54 Username Parameter - Remote Command Execution

Maltrail versions =0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. id: CVE-2025-34073 info: name: Maltrail =0.54 Username Parameter - Remote Command Execution author: SeungAh-Hong severity: critical...

10CVSS7.4AI score0.03884EPSS
Exploits1References4
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.12 views

Digiever DS-2105 Pro - Command Injection

Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection caused by unsanitized input in timetzsetup.cgi, letting attackers execute arbitrary commands remotely, exploit requires no authentication. id: CVE-2023-52163 info: name: Digiever DS-2105 Pro - Command Injection author: rajesh-social-te...

8.8CVSS8.2AI score0.96285EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.14 views

GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

10CVSS7.4AI score0.99614EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.6 views

Group Office 操作系统命令注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...

9.4CVSS5.8AI score0.18536EPSS
Exploits2References2
Rows per page
Query Builder