Lucene search

20 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2006-4989

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.0006
Exploits: 0, References: 10
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2000-0406

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.00212
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-4991

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.00044
Exploits: 0, References: 9
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-45979

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.4, EPSS 0.00213
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-37370

Malicious code in bioql PyPI...

CVSS 8.6, AI score 6.6, EPSS 0.00558
Exploits: 0, References: 1
RedhatCVE
added 2025/08/09 7:10 p.m., 6 views

CVE-2025-55077

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...

CVSS 7.4, AI score 7.2, EPSS 0.00208
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 6:22 a.m., 3 views

CVE-2024-48050

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

CVSS 9.8, AI score 7.1, EPSS 0.00188
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 1:37 a.m., 2 views

CVE-2014-9001

reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters...

CVSS 6.5, AI score 7.7, EPSS 0.062
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 12:27 a.m., 5 views

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...

CVSS 6.5, AI score 8.4, EPSS 0.00938
Exploits: 6, References: 1
Vulnrichment
added 2025/03/20 10:11 a.m., 5 views

CVE-2024-7764 SQL Injection in vanna-ai/vanna

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generatesql function calls extractsql with the LLM response. An attacker can include a semi-colon between a search data fie...

CVSS 8.1, AI score 8.7, EPSS 0.00211
Exploits: 0, References: 1
Vulnrichment
added 2023/03/15 12:0 a.m., 8 views

CVE-2022-4313

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets...

AI score 8.9, EPSS 0.00762
Exploits: 0, References: 1
Fedora
added 2021/01/20 1:33 a.m., 66 views

[SECURITY] Fedora 33 Update: sudo-1.9.5p1-1.fc33

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 7.8, AI score 2.2, EPSS 0.00208
Exploits: 2
Cvelist
added 2020/07/17 8:35 p.m., 14 views

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command...

AI score 9.8, EPSS 0.10188
Exploits: 0, References: 1
OSV
added 2019/07/05 5:46 p.m., 15 views

SUSE-SU-2019:0838-2 Security update for bash

This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASHCMDS allowing the user to execute any command with the permissions of the shell bsc1130324...

CVSS 7.8, AI score 7.9, EPSS 0.00319
Exploits: 0, References: 3
Fedora
added 2010/09/11 9:3 a.m., 17 views

[SECURITY] Fedora 13 Update: sudo-1.7.4p4-1.fc13

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 6.2, AI score 2.2, EPSS 0.00078
Exploits: 0
OSV
added 2006/04/06 10:4 a.m., 4 views

CVE-2006-1656

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root...

AI score 6.7
Exploits: 0, References: 4
Exploit DB
added 2001/09/11 12:0 a.m., 28 views

SpeechD 0.1/0.2 - Privileged Command Execution

source: https://www.securityfocus.com/bid/3326/info SpeechD is a device-independent layer for speech synthesis under Linux, providing an interface for speech-based applications or device drivers. SpeechD has been found to contain a flaw under certain implementations which can permit a local user ...

AI score 7
Exploits: 0
securityvulns
added 2001/09/08 12:0 a.m., 42 views

Shopping Cart Version 1.23

User can execute command, but can't use "../" www.server.com/cgi- local/shop.pl/SID=947626980.19094/page=;ls| XP-TEAM DonHuan [email protected]...

AI score 3.8
Exploits: 0
CVE
added 2001/01/22 5:0 a.m., 54 views

CVE-2000-1163

CVE-2000-1163 affects Ghostscript prior to 5.10-16, which uses an insecure LD_RUN_PATH value to locate libraries in the current directory. This enables a local attacker to place a Trojan horse library in a directory from which another user runs Ghostscript, potentially executing code with the use...

CVSS 4.6, AI score 6.7, EPSS 0.00086
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2000/12/19 5:0 a.m., 6 views

CVE-2000-0950

Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name...

CVSS 7.2, AI score 7.1, EPSS 0.00061
Exploits: 0, References: 2