Lucene search
K

309 matches found

CVE
CVE
added 2025/08/14 4:29 p.m.21 views

CVE-2025-20238

CVE-2025-20238 affects Cisco Secure Firewall ASA/FTD software. The issue arises from insufficient input validation of user-supplied commands, enabling an authenticated local attacker with valid admin credentials to execute arbitrary commands on the underlying OS with root privileges. Exploitation...

6CVSS7.7AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33325 · Cisco · Cisco Secure Firewall Adaptive Security Appliance (Asa) +1

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software affected versions not specified Description: A vulnerability exists in Cisco Secure Firewall Adaptive Security Appliance ASA...

6CVSS6.7AI score0.00144EPSS
Exploits0References3
CVE
CVE
added 2025/08/14 12:0 a.m.19 views

CVE-2025-43984

CVE-2025-43984 affects KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2; Software Version: GC111-GL-LM321_V3.0_20191211). An unauthenticated POST to the endpoint /goform/goform_set_cmd_process , using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root priv...

9.8CVSS8.5AI score0.18231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/09 5:29 p.m.12 views

CVE-2025-34148

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject...

9.4CVSS8AI score0.01286EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/07/31 12:0 a.m.17 views

VulnCheck KEV: CVE-2014-125123

An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...

10CVSS6.2AI score0.00696EPSS
In wildExploits0References3
OSV
OSV
added 2025/07/11 3:15 p.m.4 views

CVE-2025-52089

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges...

8.8CVSS6AI score0.07063EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/07/03 3:22 p.m.18 views

CVE-2025-34055

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...

9.4CVSS8.4AI score0.01531EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.5 views

PT-2025-27248 · Unknown · Sight Bulb Pro

Name of the Vulnerable Software and Affected Versions: Sight Bulb Pro affected versions not specified Description: The issue allows unauthenticated users on an adjacent network to run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This enables an...

5.4CVSS8AI score0.002EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

Puppet Enterprise Administration Module 安全漏洞

Puppet Enterprise Administration Module PEADM is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in the Puppet Enterprise Administration Module versions 2018.1.8 through 2023.8.3 and...

8.8CVSS6.9AI score0.00425EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/06/13 12:15 a.m.1 views

CVE-2025-4230

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this...

8.4CVSS6AI score0.00637EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.6 views

The vulnerability of the ping tool in the web interface of the microprogramming software for routing and switching platform RUGGEDCOM ROX series, MX (MX5000, MX5000RE) and RX (RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000), allows a hacker to execute arbitrary code.

The vulnerability of the ping tool in the web interface of the microprogramming software for routing and switching platform RUGGEDCOM ROX models series MX MX5000, MX5000RE and RX RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000 is related to the absence of a mechanism to...

9.9CVSS5.9AI score0.01168EPSS
Exploits0References3Affected Software11
ATTACKERKB
ATTACKERKB
added 2025/06/04 5:15 p.m.2 views

CVE-2025-20278

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied...

6.7CVSS6.1AI score0.00156EPSS
Exploits0References2Affected Software8
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.7 views

CVE-2024-20306

A vulnerability in the Unified Threat Defense UTD configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...

6.7CVSS7.5AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:49 a.m.10 views

CVE-2023-32612

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...

7.2CVSS7.6AI score0.00679EPSS
Exploits0References1
NVD
NVD
added 2025/05/13 10:15 a.m.13 views

CVE-2025-40582

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device...

8.5CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 9:39 a.m.55 views

CVE-2025-40582

The CVE-2025-40582 entry concerns Siemens SCALANCE LPE9403 devices with SINEMA Remote Connect Edge Client installed. The vulnerability arises from improper sanitization of configuration parameters, enabling a non-privileged local attacker to execute root commands on the device. Affected products ...

8.5CVSS7.5AI score0.00156EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.8 views

PT-2025-16007 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: PAN-OS versions affected versions not specified Description: A command injection issue in PAN-OS software allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as a root user. This issue is specifi...

7.1CVSS7.1AI score0.0054EPSS
Exploits0References11
OSV
OSV
added 2025/03/11 10:15 a.m.3 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V6.4.9, SiPass integrated ACC-AP All versions V6.4.9. Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

7.2CVSS5.8AI score0.00466EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.5 views

The vulnerability of the “edgserver” service in the microprogramming software for multifunctional wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a hacker to execute arbitrary commands with root privileges.

The vulnerability of the “edgserver” service in the microprogramming-based wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO models exists due to the failure to take measures to neutralize the special elements used in the operating system commands. Exploiting...

10CVSS5.8AI score0.01285EPSS
Exploits0References3Affected Software3
ATTACKERKB
ATTACKERKB
added 2024/12/06 1:15 p.m.4 views

CVE-2024-10771

Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts...

8.8CVSS6.4AI score0.01074EPSS
Exploits0References7
Rows per page
Query Builder