Lucene search
K

19649 matches found

CVE
CVE
added 2026/01/06 3:52 p.m.10 views

CVE-2020-36910

Summary: CVE-2020-36910 affects Cayin Signage Media Player 3.0. An authenticated remote command injection exists in the system.cgi and wizard_system.cgi pages, exploitable via the NTP_Server_IP parameter with default credentials to run arbitrary shell commands as root. The vulnerability has a hig...

8.8CVSS7.9AI score0.01277EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/06 8:5 a.m.12 views

CVE-2026-0581

A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can b...

6.5CVSS7.1AI score0.08247EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.8 views

PT-2026-1521

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE version 1.02 Description A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the /goformX/formFSrvX file, specifically through manipulation of the SZCMD...

10CVSS9.6AI score0.12113EPSS
Exploits1References18
OSV
OSV
added 2026/01/05 7:15 p.m.3 views

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

9.1CVSS6.2AI score0.00692EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.3 views

PT-2026-1325

Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...

9.1CVSS7.2AI score0.00692EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.11 views

PT-2026-1228

Name of the Vulnerable Software and Affected Versions Tenda AC1206 version 15.03.06.23 Description A remote command injection issue exists in the formBehaviorManager function within the /goform/BehaviorManager file of the httpd component. Manipulation of the modulename/option/data/switch argument...

6.5CVSS7AI score0.08247EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.5 views

D-Link多款产品 访问控制错误漏洞

The D-Link DSL-2740R and other products are products of China AUO D-Link.The D-Link DSL-2740R is a high-performance ADSL router.The D-Link DSL-2640B is a wireless ADSL routed broadband cat.The D-Link DSL-2780B is a wireless ADSL routed broadband cat.The D-Link DSL-2780B is a wireless ADSL routed...

9.3CVSS7.9AI score0.00964EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/05 12:0 a.m.24 views

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

0.00692EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/01 5:33 p.m.8 views

CVE-2025-15391

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

6.5CVSS7AI score0.03695EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/31 9:17 p.m.3 views

CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...

9.4CVSS7AI score0.00473EPSS
Exploits1References2
OSV
OSV
added 2025/12/31 9:17 p.m.5 views

CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...

9.4CVSS7.3AI score0.00473EPSS
Exploits1References4
OSV
OSV
added 2025/12/31 6:15 p.m.1 views

CVE-2025-15391

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

9.8CVSS5.7AI score
Exploits0References5
CVE
CVE
added 2025/12/31 5:32 p.m.10 views

CVE-2025-15391

CVE-2025-15391 affects D-Link DIR-806A 100CNb11. The issue stems from the SSDP Request Handler’s ssdpcgi_main function, which fails to properly filter constructed command characters, enabling remote arbitrary command execution via command injection. Multiple connected sources corroborate a remote...

9.8CVSS6.6AI score0.03695EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/31 5:6 p.m.4 views

CVE-2025-15257

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

9.8CVSS7.2AI score0.04442EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/31 5:6 p.m.3 views

CVE-2025-15256

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...

9.8CVSS6.9AI score0.03287EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/31 9:12 a.m.2 views

CVE-2025-15389 QNO Technology|VPN Firewall - OS Command Injection

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

8.8CVSS7.3AI score0.01053EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/31 12:31 a.m.4 views

EUVD-2022-55944

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

9.8CVSS7.8AI score0.01261EPSS
Exploits3References4
NVD
NVD
added 2025/12/30 11:15 p.m.5 views

CVE-2022-50691

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

9.8CVSS0.01261EPSS
Exploits3References3
OSV
OSV
added 2025/12/30 11:15 p.m.3 views

CVE-2022-50691

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

9.3CVSS6.1AI score0.01261EPSS
Exploits3References3
CVE
CVE
added 2025/12/30 10:41 p.m.12 views

CVE-2022-50691

CVE-2022-50691 affects MiniDVBLinux 5.4. The flaw is a Remote Command Execution via the GET parameter named command on the /tpl/commands.sh endpoint, allowing unauthenticated attackers to execute arbitrary commands with root privileges. Exploitation details in connected sources confirm network-ex...

9.8CVSS8AI score0.01261EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder