
774 matches found

Circl
added 2026/06/15 12:0 a.m. | 7 views

CVE-2024-32738

creationtimestamp | type | source
---|---|---
2026-06-15 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-06-15
2026-06-19 12:45:06+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f4c874d0-efe3-4080-99e3-295aaae1d5b8...

CVSS 7.5 | AI score 7.1 | EPSS 0.04515
In wild | Exploits 0 | References 2

NVD
added 2026/04/30 5:16 p.m. | 2 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVSS 9.8 | EPSS 0.05727
Exploits 1 | References 5

NVD
added 2026/04/30 5:16 p.m. | 4 views

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVSS 9.8 | EPSS 0.00774
Exploits 0 | References 4

Vulnrichment
added 2026/04/30 4:9 p.m. | 6 views

CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

CVSS 8.7 | AI score 5.7 | EPSS 0.00705
Exploits 0 | References 6

ATTACKERKB
added 2026/04/30 4:8 p.m. | 5 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVSS 9.8 | AI score 6.2 | EPSS 0.05727
Exploits 1 | References 6

VulnCheck KEV
added 2026/04/30 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2022-50992

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

CVSS 8.7 | AI score 5.8 | EPSS 0.00705
In wild | Exploits 0 | References 2

Circl
added 2026/04/28 12:0 a.m. | 2 views

CVE-2022-47615

creationtimestamp | type | source
---|---|---
2026-04-28 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2026-04-28
2026-06-23 14:06:14+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ecbb4555-9f0f-4b3e-8f4e-ef150620b440...

CVSS 9.8 | AI score 7.3 | EPSS 0.05063
Exploits 2 | References 1

NVD
added 2026/04/21 5:16 p.m. | 5 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

CVSS 9.3 | EPSS 0.00653
Exploits 0 | References 7

VulnCheck KEV
added 2026/04/21 12:0 a.m. | 44 views

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

CVSS 9.3 | AI score 6.2 | EPSS 0.00653
In wild | Exploits 0 | References 2

NVD
added 2026/04/07 1:16 p.m. | 2 views

CVE-2021-4473

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...

CVSS 9.8 | EPSS 0.06165
Exploits 1 | References 5

Positive Technologies
added 2026/04/07 12:0 a.m. | 5 views

PT-2026-30817

Name of the Vulnerable Software and Affected Versions: Tianxin Internet Behavior Management System versions prior to NACFirmware 4.0.0.7 20210716.180815 topsec 0 basic.bin

Description: The Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter compone...

CVSS 9.8 | AI score 6.6 | EPSS 0.06165
Exploits 1 | References 9

Positive Technologies
added 2026/04/07 12:0 a.m. | 6 views

PT-2026-30819

Name of the Vulnerable Software and Affected Versions: Weaver Fanwei E-cology versions 10.0 through 20260311

Description: An unauthenticated remote code execution flaw exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the...

CVSS 9.8 | AI score 6.8 | EPSS 0.2148
Exploits 1 | References 68

Circl
added 2026/04/07 12:0 a.m. | 8 views

CVE-2018-6605

creationtimestamp | type | source
---|---|---
2026-04-07 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2026-04-07
2026-04-12 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-04-12
2026-04-15 00:00:00+00:00 | exploited | The Shadowserver...

CVSS 9.8 | AI score 7.3 | EPSS 0.58324
In wild | Exploits 5 | References 2

Circl
added 2026/03/25 12:0 a.m. | 9 views

CVE-2022-40843

creationtimestamp | type | source
---|---|---
2026-03-25 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-25
2026-06-19 12:45:36+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/fc0a66cd-19a6-45df-8aba-2fd42e8919fa...

CVSS 4.9 | AI score 5.8 | EPSS 0.28802
In wild | Exploits 1 | References 2

Circl
added 2026/03/22 12:0 a.m. | 6 views

CVE-2019-5434

creationtimestamp | type | source
---|---|---
2026-03-22 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-22
2026-03-28 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-28
2026-03-29 00:00:00+00:00 | exploited | The...

CVSS 9.8 | AI score 7.3 | EPSS 0.57022
In wild | Exploits 7 | References 2

Circl
added 2026/03/17 12:0 a.m. | 2 views

CVE-2020-10546

creationtimestamp | type | source
---|---|---
2026-03-17 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-17
2026-06-19 12:45:37+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/0763b7df-d24c-42f4-84b1-024b970185f7...

CVSS 9.8 | AI score 7.3 | EPSS 0.8733
In wild | Exploits 1 | References 2

Circl
added 2026/01/26 12:0 a.m. | 8 views

CVE-2023-40748

creationtimestamp | type | source
---|---|---
2026-01-26 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-01-26
2026-01-27 21:03:03+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mdgnthkkd42i
2026-02-04 00:00:00+00:00 | exploited | The...

CVSS 9.8 | AI score 7.3 | EPSS 0.02904
In wild | Exploits 0 | References 3

RedhatCVE
added 2026/01/16 10:26 p.m. | 5 views

CVE-2023-7334

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...

CVSS 9.8 | AI score 6.6 | EPSS 0.00988
Exploits 1 | References 1

EUVD
added 2026/01/16 12:30 a.m. | 5 views

EUVD-2023-60535

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...

CVSS 9.3 | AI score 7.8 | EPSS 0.00988
Exploits 1 | References 7

RedhatCVE
added 2026/01/09 8:38 a.m. | 3 views

CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

CVSS 9.8 | AI score 8.6 | EPSS 0.1064
Exploits 1 | References 1