Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

18 matches found

RedhatCVE
RedhatCVEadded 2026/02/23 7:32 p.m.5 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

9.8CVSS7.1AI score0.0033EPSS
Exploits1References1
OSV
OSVadded 2026/02/22 2:16 p.m.1 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

9.8CVSS5.6AI score
Exploits0References4
Cvelist
Cvelistadded 2026/02/22 2:2 p.m.23 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.0033EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/02/22 2:2 p.m.3 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS5.4AI score0.0033EPSS
Exploits1References4
CVE
CVEadded 2026/02/22 2:2 p.m.9 views

CVE-2026-2952

CVE-2026-2952 affects Vaelsys 4.1.0, specifically the HTTP POST Request Handler’s file /tree/tree_server.php. The vulnerability arises from manipulating the xajaxargs argument, enabling remote OS command injection. Exploitation can be performed remotely, and the exploit has been published. Multip...

9.8CVSS7.1AI score0.0033EPSS
Exploits1References4Affected Software1
CNNVD
CNNVDadded 2026/02/22 12:0 a.m.2 views

Vaelsys V4 操作系统命令注入漏洞

Vaelsys V4 is an artificial intelligence video analysis platform developed by the Spanish company Vaelsys. Version 4.1.0 of Vaelsys V4 contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter xajaxargs in the...

9.8CVSS7.1AI score0.0033EPSS
Exploits1References5
OSV
OSVadded 2025/07/28 6:15 a.m.0 views

CVE-2025-8260

A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgridserver.php of the component MD4 Hash Handler. The manipulation of the argument xajaxargs leads to use of weak hash. The attack can be initiated remotely. T...

7.5CVSS4.4AI score0.00132EPSS
Exploits1References4
OSV
OSVadded 2025/07/28 6:15 a.m.0 views

CVE-2025-8259

A vulnerability, which was classified as critical, was found in Vaelsys 4.1.0. This affects the function executeDataObjectProc of the file /grid/vgridserver.php. The manipulation of the argument xajaxargs leads to os command injection. It is possible to initiate the attack remotely. The exploit h...

9.8CVSS5.5AI score
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2025/07/28 6:2 a.m.0 views

CVE-2025-8260

A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgridserver.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out...

7.5CVSS5AI score0.00132EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKBadded 2025/07/28 5:32 a.m.1 views

CVE-2025-8259

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function executeDataObjectProc of the file /grid/vgridserver.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be execut...

9.8CVSS6.8AI score0.06006EPSS
Exploits1References8Affected Software1
CNNVD
CNNVDadded 2025/07/28 12:0 a.m.2 views

Vaelsys V4 安全漏洞

Vaelsys V4 is an artificial intelligence video analytics platform from Vaelsys, Spain. A security vulnerability exists in Vaelsys V4 version .1.0, which stems from the manipulation of the parameter xajaxargs in the file /grid/vgridserver.php resulting in the use of a weak hash...

7.5CVSS4.3AI score0.00132EPSS
Exploits1References5
CNNVD
CNNVDadded 2025/07/28 12:0 a.m.1 views

Vaelsys V4 命令注入漏洞

Vaelsys V4 is an artificial intelligence video analytics platform from Vaelsys, Spain. A command injection vulnerability exists in Vaelsys V4 version 4.1.0, which stems from the incorrect operation of the parameter xajaxargs in the file /grid/vgridserver.php resulting in os command injection...

9.8CVSS7.9AI score0.06006EPSS
Exploits1References5
Prion
Prionadded 2018/02/16 4:29 a.m.8 views

Path traversal

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php...

4CVSS6.4AI score0.85497EPSS
Exploits4References4Affected Software1
NVD
NVDadded 2018/02/16 4:29 a.m.10 views

CVE-2017-14537

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php...

6.5CVSS6.5AI score0.85497EPSS
Exploits4References4
OSV
OSVadded 2018/02/16 4:29 a.m.1 views

CVE-2017-14537

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php...

6.5CVSS5.8AI score0.85497EPSS
Exploits4References4
CVE
CVEadded 2018/02/16 4:0 a.m.107 views

CVE-2017-14537

Affected software: Trixbox 2.8.0.4. Vulnerability: Path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. Root cause / details: Inadequate validation of user-supplied parameters leads to path traversal. Impact: Could a...

6.5CVSS6.4AI score0.85497EPSS
Exploits4References4Affected Software1
Cvelist
Cvelistadded 2018/02/16 4:0 a.m.14 views

CVE-2017-14537

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php...

6.5AI score0.85497EPSS
Exploits4References4
FreeBSD
FreeBSDadded 2012/09/14 12:0 a.m.28 views

OpenX -- SQL injection vulnerability

Secunia reports: A vulnerability has been discovered in OpenX, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "xajaxargs" parameter to www/admin/updates-history.php when "xajax" is set to "expandOSURow" is not properly sanitised in e.g. the...

3.6AI score
Exploits0References1
Rows per page
Query Builder