Lucene search
K

31220 matches found

GithubExploit
GithubExploit
added 2026/02/08 12:39 p.m.288 views

Exploit for CVE-2025-49132

CVE-2025-49132-POC I made this poc for my personal cha...

10CVSS5.2AI score0.13105EPSS
Exploits28
OSV
OSV
added 2026/02/07 10:16 p.m.7 views

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

8.8CVSS6.2AI score0.02819EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.5 views

SUSE CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle's agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out-of-scope containers for example, env=prod on the same agen...

9.9CVSS5.3AI score0.00385EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.5 views

SUSE CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

8.8CVSS5.7AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.4 views

SUSE CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

7.8CVSS6AI score0.00175EPSS
Exploits0References3
NVD
NVD
added 2026/02/07 12:15 a.m.5 views

CVE-2020-37166

AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate...

6.9CVSS0.00213EPSS
Exploits1References3
NVD
NVD
added 2026/02/07 12:15 a.m.9 views

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

9.8CVSS0.0067EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.5 views

Celestial AbsoluteTelnet 安全漏洞

Celestial AbsoluteTelnet is a Telnet/SSH terminal client software developed by the American company Celestial. Version 11.12 of Celestial AbsoluteTelnet contains a security vulnerability, which stems from improper handling of the license name input field. This vulnerability could lead to...

6.7CVSS5.8AI score0.00222EPSS
Exploits1References3
CVE
CVE
added 2026/02/06 11:14 p.m.12 views

CVE-2020-37166

CVE-2020-37166 affects AbsoluteTelnet 11.12. The vulnerability resides in the SSH2 username input field where a local attacker can overwrite the username with a 1000-byte buffer, causing the application to become unresponsive and terminate (Denial of Service). The root cause is a handling/validat...

6.9CVSS5.4AI score0.00213EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/06 11:14 p.m.10 views

CVE-2020-37095

The connected PTsecurity entry confirms CVE-2020-37095 affects Cyberoam Authentication Client 2.1.2.7 and describes a buffer overflow that overwrites Structured Exception Handler (SEH) memory. An attacker can supply a crafted value in the Cyberoam Server Address field to trigger a bind TCP shell ...

9.8CVSS6.4AI score0.0067EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 11:14 p.m.3 views

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

9.8CVSS6.4AI score0.0067EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/06 11:14 p.m.33 views

CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

9.8CVSS0.0067EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.6 views

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

7.8CVSS5.9AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.6 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7CVSS5.9AI score0.00935EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6813

Name of the Vulnerable Software and Affected Versions Cyberoam Authentication Client version 2.1.2.7 Description The Cyberoam Authentication Client software contains a buffer overflow issue that enables remote attackers to run code without permission by overwriting Structured Exception Handler SE...

9.8CVSS6.1AI score0.0067EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/02/06 12:0 a.m.171 views

📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload

WordPress Royal Elementor Addons plugin version 1.3.78 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : WordPress Royal Elementor Addons 1.3.78 RCE ...

9.8CVSS5.4AI score0.81695EPSS
Exploits18
GithubExploit
GithubExploit
added 2026/02/05 9:23 p.m.164 views

Exploit for CVE-2026-25643

CVE-2026-25643: Frigate NVR = 0.16.3 Authenticated RCE Ex...

5.5AI score0.02874EPSS
Exploits8
NVD
NVD
added 2026/02/05 5:16 p.m.7 views

CVE-2020-37123

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

9.8CVSS0.03135EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37136

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...

7.5CVSS5.4AI score0.00361EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/05 4:13 p.m.11 views

CVE-2020-37136

CVE-2020-37136 affects ZOC Terminal 7.25.5. A denial-of-service condition is triggered by overwriting the private key file input with a ~2000-byte buffer during SSH key file creation, causing the application to become unresponsive. Affected component: private key file input handling in ZOC Termin...

7.5CVSS5.4AI score0.00361EPSS
Exploits0References3
Rows per page
Query Builder