
19649 matches found

EUVD
added 2025/12/26 6:30 p.m., 7 views

EUVD-2005-4893

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

CVSS 8.8, AI score 6.7, EPSS 0.01781
Exploits: 1, References: 7

RedhatCVE
added 2025/12/26 3:3 p.m., 13 views

CVE-2025-15081

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS 6.5, AI score 6.6, EPSS 0.02347
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/26 4:33 a.m., 7 views

Malicious code in aiogram-3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d8dac0d1eb98dbfc0fe46cabeadb550699f5e41b5d033ded073f7572f450bf7 During installation or importing the module, the package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly...

AI score 7.7
Exploits: 0, References: 1

Vulnrichment
added 2025/12/25 3:2 p.m., 4 views

CVE-2025-15081 JD Cloud BE6500 jdcapi sub_4780 command injection

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS 6.5, AI score 6.4, EPSS 0.02347
Exploits: 0, References: 4

Positive Technologies
added 2025/12/25 12:0 a.m., 6 views

PT-2025-53404

Name of the Vulnerable Software and Affected Versions: JD Cloud BE6500 version 4.4.1.r4308. Description: A command injection issue exists in JD Cloud BE6500 version 4.4.1.r4308. The issue is located in the /jdcapi file and affects the sub 4780 function. Manipulation of the ddns name argument can lea...

CVSS 6.5, AI score 7.1, EPSS 0.02347
Exploits: 0, References: 9

RedhatCVE
added 2025/12/24 11:35 p.m., 16 views

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVSS 9.8, AI score 7.2, EPSS 0.11343
Exploits: 1, References: 1

Vulnrichment
added 2025/12/24 7:27 p.m., 3 views

CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

CVSS 8.8, AI score 7.8, EPSS 0.02325
Exploits: 2, References: 3

CVE
added 2025/12/24 7:27 p.m., 19 views

CVE-2019-25243

FaceSentry 6.4.8 has an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php. The root cause is unsanitized inputs in strInIP/strInPort, enabling arbitrary shell commands with root privileges. Affected product: FaceSentry 6.4.8. Impact is described as high. Rem...

CVSS 8.8, AI score 7.8, EPSS 0.02325
Exploits: 2, References: 3, Affected Software: 1

GithubExploit
added 2025/12/24 3:22 p.m., 150 views

riello-multiple-vulnerabilities-2025

Riello UPS with NetMan 208 - Vulnerability Disclosure During...

AI score 7.4
Exploits: 0

Positive Technologies
added 2025/12/24 12:0 a.m., 8 views

PT-2025-53329

Name of the Vulnerable Software and Affected Versions: FaceSentry version 6.4.8. Description: FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

CVSS 8.8, AI score 8.2, EPSS 0.02325
Exploits: 2, References: 5

NVD
added 2025/12/23 11:15 p.m., 5 views

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVSS 9.8, EPSS 0.11343
Exploits: 1, References: 6

ATTACKERKB
added 2025/12/23 10:32 p.m., 3 views

CVE-2025-15048

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has bee...

CVSS 9.8, AI score 5.4, EPSS 0.11343
Exploits: 1, References: 5, Affected Software: 1

GithubExploit
added 2025/12/23 9:54 a.m., 149 views

Exploit for Code Injection in Laravel Livewire

Livepyre A tool designed to exploit CVE-2025-54068 an...

CVSS 9.8, AI score 5.8, EPSS 0.95376
Exploits: 5

Redos
added 2025/12/23 12:0 a.m., 6 views

ROS-20251223-7314

A vulnerability in the Snapshot/Restore commands of the AdminServer component of the centralized service for maintaining configuration information, naming, providing distributed synchronization, and provisioning Apache ZooKeeper group services is related to incorrect handling of insufficient...

CVSS 4.3, AI score 7.7, EPSS 0.00294
Exploits: 0

Positive Technologies
added 2025/12/23 12:0 a.m., 6 views

PT-2025-52857

Name of the Vulnerable Software and Affected Versions: Tenda WH450 version 1.0.0.18. Description: A flaw exists in the Tenda WH450 device. This issue affects an unspecified function within the HTTP Request Handler component, specifically related to the file '/goform/CheckTools'. Manipulation of the...

CVSS 9.8, AI score 6.7, EPSS 0.11343
Exploits: 1, References: 10

Cvelist
added 2025/12/22 9:37 p.m., 19 views

CVE-2023-53963 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVSS 9.8, EPSS 0.0303
Exploits: 2, References: 4

CVE
added 2025/12/22 9:37 p.m., 11 views

CVE-2023-53963

CVE-2023-53963 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x and describes an unauthenticated OS command injection via the password parameter in login.php and index.php, enabling remote command execution with web server privileges. Public references document a PoC and multiple exploits (e.g., Exploi...

CVSS 9.8, AI score 8.2, EPSS 0.0303
Exploits: 2, References: 4, Affected Software: 1

Vulnrichment
added 2025/12/22 9:37 p.m., 2 views

CVE-2023-53963 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVSS 9.8, AI score 8.2, EPSS 0.0303
Exploits: 2, References: 4

CNNVD
added 2025/12/22 12:0 a.m., 3 views

Sound4 IMPACT operating system command injection vulnerability

Sound4 IMPACT is a professional broadcast audio processor from Sound4 France. An OS command injection vulnerability exists in Sound4 IMPACT v2.x. The vulnerability stems from an OS command injection in the password parameter, which could lead to remote command execution...

CVSS 9.8, AI score 7.8, EPSS 0.0303
Exploits: 2, References: 5

RedhatCVE
added 2025/12/19 5:22 p.m., 6 views

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

CVSS 8.6, AI score 7.1, EPSS 0.09358
Exploits: 1, References: 1