Page 2 of 50764 results (0.039 seconds)

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. •

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVSS: 9.4EPSS: 0%CPEs: -EXPL: 1

26 Jun 2025 — An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. • https://vulncheck.com/advisories/optilink-ont1gew-router-rce • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

26 Jun 2025 — Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system. • https://github.com/M0ge/CNVD-2021-49104-Fanwei-Eoffice-fileupload/blob/main/eoffice_fileupload.py • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

26 Jun 2025 — A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. • https://s4e.io/tools/wifisky-7-layer-flow-control-router-remote-code-execution • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 1

26 Jun 2025 — A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. ... These commands are executed with the privileges of the web server process, enabling remote code execution and potential full device compromise. • https://ssd-disclosure.com/ssd-advisory-vacron-nvr-remote-command-execution • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.4EPSS: 0%CPEs: -EXPL: 3

26 Jun 2025 — Successful exploitation results in remote code execution with root privileges. • https://vulncheck.com/advisories/beward-n100-remote-command-execution • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •