CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

732 matches found

Vulnrichment•added 2025/11/27 1:42 p.m.•2 views

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

9.3CVSS7.2AI score0.00328EPSS

Exploits0References2

Cvelist•added 2025/11/27 1:42 p.m.•9 views

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

9.3CVSS0.00328EPSS

Exploits0References2

Tenable Nessus•added 2025/11/13 12:0 a.m.•3 views

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2015-20107)

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

8CVSS6.8AI score0.00801EPSS

Exploits1References4

CVE•added 2025/10/30 9:32 p.m.•7 views

CVE-2013-10073

CVE-2013-10073 affects Nagios XI versions prior to 2012R1.6. The Auto-Discovery tool accepts user-controlled input that is passed to a shell without adequate sanitation or argument quoting, enabling an authenticated user with discovery access to execute arbitrary commands with the privileges of t...

8.8CVSS7.6AI score0.01806EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/10/30 9:32 p.m.•8 views

CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...

8.7CVSS0.01806EPSS

Exploits0References2

Vulnrichment•added 2025/10/30 9:32 p.m.•2 views

CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

8.7CVSS7.6AI score0.01806EPSS

Exploits0References2

Positive Technologies•added 2025/10/30 12:0 a.m.•2 views

PT-2025-44535

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2012R1.6 Description Nagios XI versions prior to 2012R1.6 contain a shell command injection issue in the Auto-Discovery tool. User-controlled input is passed to a shell without proper sanitization or argument quotin...

8.8CVSS7.8AI score0.01806EPSS

Exploits0References4

Cvelist•added 2025/10/24 10:6 a.m.•6 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

0.00212EPSS

Exploits0References2