Lucene search
K

13359 matches found

EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-43546

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS7.3AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-43542

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15584

A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes...

7.5CVSS6AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-13014

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.00704EPSS
Exploits0References1
CVE
CVE
added yesterday15 views

CVE-2026-13014

The CVE covers Thales CERT "Suspicious" application, affected at versions

9.2CVSS6.4AI score0.00704EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-22100

The CVE-2026-22100 entry describes a command injection in the OCPP DataTransfer message ReserveLogin. By manipulating the data value, arbitrary OS commands can be executed with root privileges. Exploitation details, affected versions, and concrete remediation are not provided in the connected doc...

8.6CVSS6.2AI score0.01036EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday29 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS7.5AI score0.10371EPSS
Exploits8References3
Nuclei
Nuclei
added yesterday23 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS6.3AI score0.36503EPSS
Exploits7References3
Nuclei
Nuclei
added yesterday17 views

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

10CVSS7.2AI score0.387EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday100 views

YeaLink DM 3.6.0.20 - Remote Command Injection

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...

10CVSS7.1AI score0.82516EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2025-30007

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References5
NVD
NVD
added 4 days ago9 views

CVE-2025-30007

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS0.02077EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2025-210452

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References4
CVE
CVE
added 4 days ago8 views

CVE-2025-30007

HestiaCP prior to 1.9.5 is affected by an authenticated OS command injection via DNS record management. The vulnerability stems from insufficient input validation in is_dns_record_format_valid() and unsafe eval-based parsing in update_domain_zone(), which can allow a low-privilege authenticated u...

8.8CVSS6.6AI score0.02077EPSS
Exploits0References4
OSV
OSV
added 4 days ago1 views

CVE-2025-30007 HestiaCP < 1.9.5 Authenticated OS Command Injection via DNS Record Management

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.7CVSS6.6AI score0.02077EPSS
Exploits0References7
NVD
NVD
added 4 days ago10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00442EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42871

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS6.3AI score0.01285EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS0.01331EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42855

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
Rows per page
Query Builder