Lucene search
K

19630 matches found

CVE
CVE
added 2026/01/26 1:32 a.m.14 views

CVE-2026-1413

Sangfor Operation and Maintenance Security Management System up to 3.0.12 contains a command injection in the HTTP POST Request Handler’s portValidate function, located in /fort/ip_and_port/port_validate. An attacker can remotely manipulate the port argument to execute arbitrary commands. Multipl...

9.8CVSS5.5AI score0.02801EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/26 1:15 a.m.5 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

9.8CVSS5.6AI score0.03946EPSS
Exploits1References4
CVE
CVE
added 2026/01/26 1:2 a.m.15 views

CVE-2026-1412

Sangfor Operation and Maintenance Security Management System (up to version 3.0.12) is affected by a command injection in the HTTP POST Request Handler, specifically the /fort/audit/get_clip_img function. Exploiting manipulation of the frame/dirno argument enables remote code execution, with the ...

9.8CVSS7.3AI score0.03946EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/26 1:2 a.m.2 views

CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

7.5CVSS5.6AI score0.03946EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.6 views

PT-2026-4717

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lea...

6.5CVSS6.4AI score0.04451EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.6 views

PT-2026-4722

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...

5.8CVSS5.6AI score0.15138EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.12 views

PT-2026-6970

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security issue exists in the DDNS Service component of D-Link DIR-823X version 250416. The issue relates to the processing of the /goform/set ddns file. Manipulation of the ddnsType, ddnsDomainName,...

9CVSS5.7AI score0.04317EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.5 views

CVE-2026-0781

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

8.8CVSS6.5AI score0.01497EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.9 views

PT-2026-4760

CVE-2026-24642 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2026-24642 Published : Jan. 24, 2026, 4:15 a.m. | 1 hour, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.5 views

CVE-2025-36588

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

8.8CVSS5.8AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 3:21 p.m.5 views

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

9.8CVSS7.6AI score0.06437EPSS
Exploits1References1
Saint
Saint
added 2026/01/23 12:0 a.m.105 views

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

6.2AI score
Exploits0
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

GitHub Kanban MCP Server: Operating System Command Injection Vulnerability

GitHub Kanban MCP Server is an application developed by Maki, a personal developer. The GitHub Kanban MCP Server has a vulnerability related to operating system command injection. This vulnerability arises from executing system calls without validating user input when processing the createissue...

9.8CVSS7.3AI score0.01815EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.9 views

PT-2026-4517

Name of the Vulnerable Software and Affected Versions PhreeBooks version 5.2.3 Description PhreeBooks version 5.2.3 has a flaw in the Image Manager related to file uploads. An authenticated attacker can upload a malicious PHP web shell due to unrestricted file type uploads, potentially leading to...

8.8CVSS6.4AI score0.00614EPSS
Exploits0References7
Saint
Saint
added 2026/01/23 12:0 a.m.116 views

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

6.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/22 8:43 p.m.161 views

Exploit for CVE-2024-9932

CVE-2024-9932 / 0-Click RCE Exploit - Author: Joshua Provoste...

9.8CVSS6.1AI score0.37815EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/01/22 8:29 p.m.163 views

Exploit for Code Injection in Lubus Wp_Query_Console

CVE-2024-50498 / 0-Click RCE Exploit - Author: Joshua Provost...

10CVSS6.4AI score0.5364EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/01/22 6:57 p.m.159 views

Exploit for CVE-2024-51791

CVE-2024-51791 / 0-Click RCE Exploit - Author: Joshua Provost...

10CVSS6.1AI score0.00609EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/01/22 5:48 p.m.162 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop

CVE-2024-51793 / 0-Click RCE Exploit - Author: Joshua Provost...

10CVSS6.2AI score0.01794EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/01/22 5:34 p.m.8 views

CVE-2021-47770

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network...

8.8CVSS6.4AI score0.00634EPSS
Exploits0References1
Rows per page
Query Builder