Lucene search
+L

365 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-61498

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS6.3AI score0.02165EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago16 views

CVE-2026-61498

CVE-2026-61498 affects Vitec Flamingo 4.12.2. The vulnerability is an unauthenticated OS command injection in the admin/ajax/gen_graphs.php endpoint, where input values from GET parameters (start, end, key, format) are unsafely passed to shell commands via passthru(), enabling remote command exec...

9.8CVSS6.3AI score0.02165EPSS
Exploits0References3
CVE
CVE
added 5 days ago8 views

CVE-2026-60121

CVE-2026-60121 affects Vitec Flamingo 4.12.2. An unauthenticated OS command injection exists in admin/ajax/ping.php due to a double-evaluation flaw in shell argument handling: user-supplied host POST parameter is escaped with escapeshellarg() for a system wrapper, but the decoded value is taken f...

9.8CVSS6.3AI score0.01389EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55261

Name of the Vulnerable Software and Affected Versions Dockwatch versions prior to 0.6.568 Description An unauthenticated OS command injection exists that allows remote attackers to execute arbitrary shell commands. The issue arises from a chain of two bugs: a missing exit function after an...

9.8CVSS6.3AI score0.0119EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:22 p.m.7 views

CVE-2026-58457

Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilterconf handler in the commuos web backend. Attackers...

9.8CVSS6.1AI score0.01671EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/07/01 4:23 p.m.8 views

CVE-2026-34116 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:23 p.m.6 views

CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 4:21 p.m.14 views

CVE-2026-34113

CVE-2026-34113 : Guardian language-system is vulnerable to unauthenticated OS command injection via the id GET parameter in speech_text.php. The code passes the parameter directly into an exec() call: exec("php jobs/speech_audio_text.php "+login_session+" "+$_GET['id']+" ..."), allowing an attack...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 4:21 p.m.9 views

CVE-2026-34113 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech_text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:20 p.m.38 views

CVE-2026-34112 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:18 p.m.30 views

CVE-2026-34109

The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:17 p.m.32 views

CVE-2026-34108

The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:55 a.m.32 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/23 12:0 a.m.19 views

VulnCheck KEV: CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6.1AI score0.0295EPSS
In wildExploits2References12
CVE
CVE
added 2026/06/22 5:53 p.m.22 views

CVE-2026-11834

CVE-2026-11834 describes a command-injection vulnerability in the DHCP option processing logic of multiple TP-Link routers, caused by insufficient validation of externally supplied DHCP option data. An adjacent attacker can exploit this by sending crafted DHCP responses, potentially during device...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Rclone 1.46.x < 1.74.3 Unauthenticated Command Execution

The version of Rclone installed on the remote host is 1.46.x prior to 1.74.3. It is, therefore, affected by an unauthenticated command execution vulnerability: - rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form /remote:path/object. The remote value is parse...

9.8CVSS6AI score0.00701EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 a.m.20 views

CVE-2026-7273

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

8.8CVSS0.00315EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/13 9:11 a.m.96 views

Exploit for CVE-2026-11450

GL.iNet Beryl AX Triple RCE PoC PoC for three unauthenticated...

7.5CVSS7.3AI score0.02027EPSS
Exploits1
NVD
NVD
added 2026/06/09 4:16 p.m.34 views

CVE-2026-25089

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

9.8CVSS0.36135EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

7.3CVSS5.9AI score0.01186EPSS
Exploits3References1
Rows per page
Query Builder