Lucene search
K

57 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.7 views

CVE-2026-34111

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:23 p.m.7 views

EUVD-2026-41075

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:22 p.m.7 views

EUVD-2026-41074

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:22 p.m.4 views

CVE-2026-34115

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:20 p.m.5 views

CVE-2026-34112

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 4:16 p.m.7 views

EUVD-2026-41063

Guardian language-system passes the id GET parameter directly into a PHP exec call in subtitles.php line 19 without sanitization: exec"php jobs/subtitlerendering.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-395 LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

9.8CVSS7.3AI score0.00528EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.10 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS6AI score0.01852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/02/04 8:39 p.m.3 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References2
OSV
OSV
added 2026/01/13 3:29 p.m.5 views

CVE-2025-68802 drm/xe: Limit num_syncs to prevent oversized allocations

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit numsyncs to prevent oversized allocations The exec and vmbind ioctl allow userspace to specify an arbitrary numsyncs value. Without bounds checking, a very large numsyncs can force an excessively large allocation,...

6.3AI score0.00166EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.28 views

VulnCheck KEV: CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

9.3CVSS6.2AI score0.19761EPSS
In wildExploits4References78
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-5630

Malware in sbrugna...

8.8CVSS8.8AI score0.02375EPSS
Exploits1References2
Veracode
Veracode
added 2024/08/27 7:13 a.m.13 views

Code Injection

llamaindex is vulnerable to Code Injection. The vulnerability is caused due to a missing validation for the clsname variable used in the exec call in the download/integration.py script. An attacker can execute arbitrary code by injecting malicious input into the clsname variable used in the exec...

8.8CVSS7.5AI score0.00528EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/22 9:31 p.m.13 views

LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

8.8CVSS6.9AI score0.00528EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/08/22 9:31 p.m.11 views

GHSA-FXC2-8M62-M85X LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

9.8CVSS8.7AI score0.00528EPSS
Exploits0References6
OSV
OSV
added 2024/08/22 8:15 p.m.7 views

PYSEC-2024-192

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

8.8CVSS8.7AI score0.00528EPSS
Exploits0References2
NVD
NVD
added 2024/08/22 8:15 p.m.20 views

CVE-2024-45201

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

8.8CVSS0.00528EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.5 views

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications open-sourced by LlamaIndex. A security vulnerability exists in LlamaIndex versions prior to 0.10.38, which stems from a risky exec call to download/integration.py...

8.8CVSS8.4AI score0.00528EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.10 views

CVE-2024-45201

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

7.2AI score0.00528EPSS
Exploits0References2
Rows per page
Query Builder