Lucene search
K

15349 matches found

Nuclei
Nuclei
added 15 hours ago59 views

WAVLINK WN579X3 - Remote Command Execution

Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. id: CVE-2023-3380 info: name: WAVLINK WN579X3 - Remote Command Execution author: pussycat0x severity: critical description: | Remote Command Execution vulnerability in WAVLINK WN579X3 route...

9.8CVSS6.4AI score0.0388EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago132 views

FOG Project < 1.5.10.34 - Remote Command Execution

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. id: CVE-2024-39914 info: name: FOG Project 1.5.10.34 - Remote...

9.8CVSS6.1AI score0.23414EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago174 views

Telesquare TLR-2005KSH - Remote Command Execution

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through...

8.8CVSS6.4AI score0.05848EPSS
Exploits8References5
Nuclei
Nuclei
added 15 hours ago49 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the traceroute function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic...

10CVSS7.1AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago21 views

NUUO Camera <=20250203 - OS Command Injection

NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handleconfig.php, letting remote attackers execute arbitrary commands, exploit requires remote access. id: CVE-2025-1338 info: name: NUUO Camera =20250203 - OS Command Injection author: Ark...

7.5CVSS7.2AI score0.51881EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago40 views

JEHC-BPM - Remote Code Execute

A Remote Command Execution vulnerability in the component /server/executeExec of JEHC-BPM = v2.0.1 allows attackers to execute arbitrary code. The vulnerability exists due to insufficient authorization checks in the executeExec endpoint which allows direct command execution. id: CVE-2025-45854...

10CVSS6.3AI score0.02685EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago48 views

DocsGPT - Unauthenticated Remote Code Execution

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...

9.3CVSS7.2AI score0.15099EPSS
Exploits3References3
Nuclei
Nuclei
added 15 hours ago87 views

D-Link DSL 2888a - Authentication Bypass/Remote Command Execution

D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. id: CVE-2020-24579 info: name: D-Li...

8.8CVSS7.1AI score0.09997EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago54 views

Motorola Baby Monitors - Remote Command Execution

Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-3577 info: name: Motorola Baby Monitors - Remote Command Execution author: gy741 severity: high...

8.8CVSS7.1AI score0.59893EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday43 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS7.3AI score0.99323EPSS
Exploits23References5
Nuclei
Nuclei
added yesterday120 views

TOTOLINK Realtek SD Routers - Remote Command Injection

TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...

9CVSS7.2AI score0.25135EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday96 views

Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. id: CVE-2020-35713 info: name: Belkin Linksys RE6500 1.0.012.001 - Remote Command Execution author: gy741 severity:...

10CVSS7.3AI score0.32704EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday53 views

Flowise < 3.0.1 - Remote Command Execution

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...

9.8CVSS7.2AI score0.70866EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday29 views

FortiWeb - Authentication Bypass

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

9.8CVSS7.2AI score0.8936EPSS
Exploits17References4
Nuclei
Nuclei
added yesterday292 views

Apache HugeGraph-Server - Remote Command Execution

Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution RC...

9.8CVSS7.2AI score0.9921EPSS
Exploits11References6
CISA KEV Catalog
CISA KEV Catalog
added yesterday31 views

Cisco IOS Cross-Site Request Forgery Vulnerability

Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias exec" command to the /level/15/exec/-/configure/http URI...

9.3CVSS6.3AI score0.12036EPSS
In wildExploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in eth-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3131490d64c4ae90de2926ca90f6fce23e6a113d1e6538db5ce98ffcf06983d1 The top-level ethagent/init.py performs an outbound HTTP fetch to a hardcoded IPFS gateway URL...

6.3AI score
Exploits0References3
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43218

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago64 views

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

7.4CVSS7AI score0.96281EPSS
Exploits9References5
Nuclei
Nuclei
added 3 days ago213 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.2AI score0.97836EPSS
Exploits1References5
Rows per page
Query Builder