Lucene search
K

355 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/04/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

8.8CVSS6AI score0.01072EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2026/04/01 8:39 p.m.19 views

CVE-2026-1345 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

7.3CVSS0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 9:31 p.m.6 views

EUVD-2026-16293

thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.7CVSS6.8AI score0.06239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:0 p.m.3 views

CVE-2026-26213

thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.7CVSS6.8AI score0.06239EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 7:0 p.m.28 views

CVE-2026-26213 thingino-firmware api.cgi Unauthenticated Command Injection in Captive Portal

thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.7CVSS0.06239EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 1:32 p.m.5 views

CLSA-2026-1773667921 Fix CVE(s): CVE-2025-10230

SECURITY UPDATE: unauthenticated command injection via WINS hook in source4 NBT server. The "wins hook" parameter passed unsanitized NetBIOS names to a shell command, allowing arbitrary command execution by remote clients. - debian/patches/CVE-2025-10230.patch - CVE-2025-10230...

10CVSS7.6AI score0.40121EPSS
Exploits2References1
OSV
OSV
added 2026/03/13 7:54 p.m.3 views

CVE-2026-22209

thingino-firmware up to commit e3f6a41 published on 2026-03-15 contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter...

8.8CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2026/03/07 1:15 a.m.21 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.8CVSS0.02999EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 7:8 a.m.2 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS6AI score0.02132EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/05 3:38 p.m.36 views

CVE-2026-30798 RustDesk Client Accepts Unauthenticated stop-service Command via Strategy Payload

Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop, strategy processing modules allows Protocol Manipulation. This vulnerability is...

8.2CVSS0.00288EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/03 8:2 p.m.8 views

WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php

Impact An unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration secrets, internal keys, credentials, and service disruption...

9.8CVSS6.4AI score0.02132EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-23005

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 7.0 Description AVideo is a video-sharing Platform software susceptible to unauthenticated Remote Code Execution RCE. An attacker can inject shell command substitution into the base64Url GET parameter, potentially...

9.8CVSS5.9AI score0.02132EPSS
Exploits2References19
NVD
NVD
added 2026/02/25 8:23 p.m.8 views

CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...

8.1CVSS0.17424EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/25 7:18 p.m.124 views

CVE-2026-22719 VMware Aria Operations command injection vulnerability

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...

8.1CVSS0.17424EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.8 views

CVE-2026-27175

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...

9.8CVSS6.6AI score0.06872EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.5 views

PT-2026-8274

CVE-2025-47915 - QNAP NAS Unauthenticated Command Injection CVE ID : CVE-2025-47915 Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago Description : Rejected reason: reserved but not needed Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

5.5AI score
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 3:39 p.m.21 views

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

8.8CVSS0.07454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2025-13375

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

9.8CVSS5.8AI score0.00506EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-5875

Name of the Vulnerable Software and Affected Versions IBM Common Cryptographic Architecture CCA versions 7.5.52 and 8.4.82 Description The software contains a flaw that could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. This impacts systems...

9.8CVSS6AI score0.00506EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.7 views

IBM Common Cryptographic Architecture 安全漏洞

IBM Common Cryptographic Architecture is a cryptographic platform developed by the American multinational company International Business Machines IBM. It provides features for protecting financial transactions. Versions 7.5.52 and 8.4.82 of IBM Common Cryptographic Architecture contain security...

9.8CVSS6.1AI score0.00506EPSS
Exploits0References1
Rows per page
Query Builder