CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1774 matches found

Vulnrichment•added 2025/10/30 9:32 p.m.•1 views

CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...

8.7CVSS7.6AI score0.01806EPSS

Exploits0References2

OSV•added 2025/10/30 8:15 p.m.•1 views

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS6AI score0.00581EPSS

Exploits0References3

Positive Technologies•added 2025/10/30 12:0 a.m.•2 views

PT-2025-44535

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2012R1.6 Description Nagios XI versions prior to 2012R1.6 contain a shell command injection issue in the Auto-Discovery tool. User-controlled input is passed to a shell without proper sanitization or argument quotin...

8.8CVSS7.8AI score0.01806EPSS

Exploits0References4

OSV•added 2025/10/29 3:39 p.m.•2 views

GHSA-RJ5C-58RQ-J5G5 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name

Summary A command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor Details 1. generatecursordeeplinkservername, … embeds servername verbatim in a cursor://…?name= query string...

5.4CVSS7.7AI score0.00049EPSS

Exploits1References3

GithubExploit•added 2025/10/28 7:50 p.m.•106 views

WordPressCVEExploitProject

CVE Session 1 How to Run exploit 1. Build the docker...

6.7AI score

Exploits0

Cvelist•added 2025/10/24 10:6 a.m.•4 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

0.00212EPSS

Exploits0References2

Cvelist•added 2025/10/22 2:21 p.m.•7 views

CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

10CVSS0.0122EPSS

Exploits2References5

VulnCheck KEV•added 2025/10/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-15048

10CVSS6.1AI score0.0122EPSS

In wildExploits2References3

CNNVD•added 2025/10/15 12:0 a.m.•2 views

BESTWOND Intelligent Flow Control Router 安全漏洞

BESTWOND Intelligent Flow Control Router is an intelligent flow control router from China's BESTWOND. A security vulnerability exists in the BESTWOND Intelligent Flow Control Router that stems from not properly validating the path parameter and displaying it back to the shell environment, which...

9.3CVSS7AI score0.00296EPSS

Exploits0References4