Lucene search
K

13333 matches found

NVD
NVD
added yesterday9 views

CVE-2025-30007

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2025-30007

HestiaCP prior to 1.9.5 is affected by an authenticated OS command injection via DNS record management. The vulnerability stems from insufficient input validation in is_dns_record_format_valid() and unsafe eval-based parsing in update_domain_zone(), which can allow a low-privilege authenticated u...

8.8CVSS6.6AI score
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2025-210452

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS6.6AI score
Exploits0References4
NVD
NVD
added yesterday10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-42871

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS0.01331EPSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-42855

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-41880 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS0.01331EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday21 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS6.3AI score0.36503EPSS
Exploits7References3
Nuclei
Nuclei
added yesterday16 views

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

10CVSS7.5AI score0.387EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday29 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS8AI score0.10371EPSS
Exploits8References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42691

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS6AI score0.0011EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-0286

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS0.01101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-0276

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42690

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS0.00137EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-0276

CVE-2026-0276 describes a privilege escalation in Palo Alto Networks Cortex XDR Broker VM, enabling a locally authenticated user to perform actions as root. Public details in the provided documents are limited to the existence of a local-privilege escalation with low attack complexity and low imp...

4.8CVSS6AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2 days ago9 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
Rows per page
Query Builder