179 matches found

Prion
added 2020/03/23 10:15 p.m., 15 views

Command injection

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

CVSS 7.5, AI score 9.6, EPSS 0.86178
Exploits: 3, References: 2, Affected Software: 1

Cvelist
added 2020/03/23 9:44 p.m., 11 views

CVE-2020-10879

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped...

AI score 9.7, EPSS 0.86178
Exploits: 3, References: 2

Veracode
added 2020/03/17 6:3 a.m., 18 views

OS Command Injection

closure-compiler-stream is vulnerable to OS command injection. The args options are passed to the exec function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands...

CVSS 9.8, AI score 4.6, EPSS 0.00426
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2020/03/17 5:59 a.m., 22 views

OS Command Injection

docker-compose-remote-api is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the serviceName parameter due to lack of validation before passing to the exec function...

CVSS 9.8, AI score 5.7, EPSS 0.00426
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/03/15 9:23 p.m., 18 views

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

AI score 9.7, EPSS 0.00712
Exploits: 1, References: 1

Snyk
added 2020/03/13 9:26 a.m., 2 views

Command Injection

Overview: gulp-scss-lint is a package that lints your .scss files. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands to the exec function located in src/command.js via the provided options. PoC by JHU System Security Lab var root =...

CVSS 9.8, AI score 7.2, EPSS 0.00712
Exploits: 1, References: 2

OSV
added 2020/03/10 1:15 p.m., 16 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 1

NVD
added 2020/03/10 1:15 p.m., 6 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

CVSS 9, AI score 8.9, EPSS 0.00803
Exploits: 1, References: 1

Cvelist
added 2020/03/10 12:34 p.m., 11 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

AI score 8.9, EPSS 0.00803
Exploits: 1, References: 1

CNVD
added 2020/03/03 12:0 a.m., 3 views

Enpeem Command Execution Vulnerability

Enpeem is a lightweight package for programmatically accessing NPM. A security vulnerability exists in Enpeem 2.2.0 and earlier versions, which originates when the program sends the 'options.dir' parameter directly to the 'exec' function without performing any cleanup operations. The vulnerabilit...

CVSS 9.8, AI score 7.4, EPSS 0.00578
Exploits: 1, References: 1

Veracode
added 2020/03/02 8:42 a.m., 13 views

Remote Code Execution (RCE)

enpeem is vulnerable to remote code execution. The attack is possible because the options.dir values are not escaped, allowing an attacker to inject and execute arbitrary commands via the exec function...

CVSS 9.8, AI score 6.1, EPSS 0.00578
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2020/03/02 7:31 a.m., 13 views

OS Command Injection

serial-number is vulnerable to OS command injection. The vulnerability exists because the value of cmdPrefix is improperly handled, allowing it to be passed into the exec function unsanitized...

CVSS 9.8, AI score 3.1, EPSS 0.00578
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2020/02/28 9:15 p.m., 10 views

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

CVSS 9.8, AI score 9.5, EPSS 0.00578
Exploits: 1, References: 2

OSV
added 2020/02/28 9:15 p.m., 16 views

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

CVSS 9.8, AI score 7
Exploits: 0, References: 2

Prion
added 2020/02/28 9:15 p.m., 17 views

Input validation

serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

CVSS 7.5, AI score 9.5, EPSS 0.00578
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2020/02/19 5:29 p.m., 11 views

GHSA-5Q88-CJFQ-G2MH codecov NPM module allows remote attackers to execute arbitrary commands

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS 8.8, AI score 8.8, EPSS 0.00652
Exploits: 2, References: 3

OSV
added 2020/02/17 7:15 p.m., 19 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS 8.8, AI score 9.5
Exploits: 0, References: 2

NVD
added 2020/02/17 7:15 p.m., 10 views

CVE-2020-7597

codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...

CVSS 8.8, AI score 9.3, EPSS 0.00652
Exploits: 1, References: 2

OSV
added 2020/02/04 9:15 p.m., 10 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

CVSS 9.8, AI score 7.8
Exploits: 0, References: 2

Prion
added 2020/02/04 9:15 p.m., 18 views

Code injection

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

CVSS 7.5, AI score 9.8, EPSS 0.01843
Exploits: 1, References: 2, Affected Software: 1