Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters
CVE-2024-39028
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which al
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulat
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass
CVE-2021-47900
CRITICAL CVSS 9.3
Find Similar
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers ca
CVE-2019-25468
CRITICAL CVSS 9.3
Find Similar
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.
CVE-2025-34029
CRITICAL CVSS 9.4
Find Similar
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command int
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php
CVE-2014-125118
CRITICAL CVSS 9.4
Find Similar
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php,
CVE-2020-37125
CRITICAL CVSS 9.3
Find Similar
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restric
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into modu
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applianc
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required t
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the Load
CVE-2026-29014
CRITICAL CVSS 9.3
Find Similar
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP
Page 1+ Next →