Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of
Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. A
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not requ
CVE-2025-63414
CRITICAL CVSS 10.0
Find Similar
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /ht
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers c
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input inje
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously cr
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature t
CVE-2025-2071
CRITICAL CVSS 10.0
Find Similar
A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted inp
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required t
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authe
CVE-2026-24663
CRITICAL CVSS 9.8
Find Similar
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbi
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbi
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the m
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Th
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input int
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injec
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script inje
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input int
Page 1+ Next →