Lucene search
+L

100 matches found

cve
cve
added 2025/02/18 7:57 a.m.2034 views

CVE-2025-0422

Cordaware bestinformed Web is affected by CVE-2025-0422: an authenticated user who can create ScriptVars of type 'script' and preview them (e.g., via Info) can execute commands on the server, i.e., Remote Code Execution. Admin permissions enable this by default, but granular permissions can allow...

8.6CVSS7.2AI score0.0083EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/02/18 12:0 a.m.9 views

PT-2025-6783 · Unknown · Bestinformed Web

Name of the Vulnerable Software and Affected Versions: BestInformed Web affected versions not specified Description: The issue allows an authenticated user in the BestInformed Web application to execute commands on the underlying server running the application, which is a case of remote code...

8.6CVSS7.9AI score0.0083EPSS
Exploits1References7
redhatcve
redhatcve
added 2025/02/05 2:25 a.m.9 views

CVE-2024-24809

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...

8.5CVSS6.9AI score0.54413EPSS
Exploits9References1
redhatcve
redhatcve
added 2025/02/05 1:54 a.m.10 views

CVE-2024-2662

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it...

7.2CVSS7.7AI score0.01749EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/28 3:24 p.m.26 views

CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...

9.9CVSS0.03464EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/01/28 12:0 a.m.5 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is a Tandoor Recipes open source application for managing recipes, planning meals, creating shopping lists, and more. A security vulnerability exists in Tandoor Recipes versions prior to 1.5.24 that originates from allowing any user to execute commands on the server...

9.9CVSS6.9AI score0.03464EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/10/14 12:0 a.m.8 views

PT-2024-6816 · Moxa · Moxa Nat-102 Oncell G4302-Lte4 +5

Name of the Vulnerable Software and Affected Versions: Moxa EDR-8010 versions affected versions not specified Moxa EDR-G9004 versions affected versions not specified Moxa EDR-G9010 versions affected versions not specified Moxa EDR-G1002-BP versions affected versions not specified Moxa NAT-102...

9.7CVSS7.8AI score0.00504EPSS
Exploits0References20
githubexploit
githubexploit
added 2024/09/23 3:47 a.m.624 views

Exploit for Unrestricted Upload of File with Dangerous Type in Mayurik Best_House_Rental_Management_System

CVE-2024-46377 PoC for Arbitrary File Upload Vulnerability...

9.8CVSS7.2AI score0.01213EPSS
Exploits1
cnvd
cnvd
added 2024/07/05 12:0 a.m.18 views

MongoDB Input Validation Error Vulnerability (CNVD-2024-31402)

MongoDB is a document-oriented database management system of the U.S. MongoDB company. An input validation error vulnerability exists in MongoDB that stems from incorrectly handling certain string inputs, which can be exploited by an attacker to cause the driver to construct unintended server...

7.5CVSS6.6AI score0.00277EPSS
Exploits0References1
cve
cve
added 2024/07/02 5:17 p.m.56 views

CVE-2024-6382

The CVE-2024-6382 issue affects the MongoDB Rust Driver: vulnerable in 2.0.x releases prior to 2.8.2. The root cause is incorrect handling of certain string inputs, which can cause the driver to construct unintended server commands. Impact described across sources includes unexpected application ...

7.5CVSS6.4AI score0.00277EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/07/02 5:17 p.m.7 views

CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

6.4CVSS5.9AI score0.00277EPSS
Exploits0References3
mongodb
mongodb
added 2024/07/02 5:17 p.m.31 views

Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

7.5CVSS6.8AI score0.00277EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.6 views

Cacti 安全漏洞

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti that stems from the presence of ...

10CVSS8.1AI score0.94294EPSS
Exploits4References5
cnnvd
cnnvd
added 2024/04/04 12:0 a.m.5 views

SiYuan 跨站脚本漏洞

SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A cross-site scripting vulnerability exists in SiYuan version 3.0.3 that originates from allowing an attacker to execute arbitrary commands on the server...

9CVSS6.7AI score0.0073EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2024/02/14 12:0 a.m.6 views

The vulnerability of the ILIAS learning management system and support process, which stems from insufficient validation of input data, allows a perpetrator to execute arbitrary system commands on the application server.

The vulnerability of the ILIAS learning management and support system exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands on the application server using a specially crafted file...

9CVSS7.5AI score0.00791EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/02/08 12:0 a.m.6 views

Akaunting Operating System Command Injection Vulnerability

Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...

9.8CVSS7.6AI score0.30036EPSS
Exploits3References6
cnnvd
cnnvd
added 2023/12/08 12:0 a.m.4 views

Collabora Online Security Breach

Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions prior to 23.5.602 that stems from vulnerability to modified...

7.2CVSS6.8AI score0.00496EPSS
Exploits0References2
susecve
susecve
added 2023/09/23 2:8 a.m.4 views

SUSE CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

8.3CVSS7AI score0.0147EPSS
Exploits0References3
attackerkb
attackerkb
added 2023/09/22 2:15 p.m.5 views

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

8.8CVSS6AI score0.0147EPSS
Exploits0References5
prion
prion
added 2023/06/24 12:15 a.m.35 views

Authentication flaw

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

5.8CVSS7.1AI score0.0099EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder