Lucene search
+L

8819 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-45217

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.8AI score
Exploits0References5
NVD
NVD
added 3 days ago10 views

CVE-2026-30618

xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...

9.8CVSS0.01671EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

9.8CVSS0.00722EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago10 views

SUSE CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

5.2CVSS6.2AI score0.00669EPSS
Exploits0References4
CVE
CVE
added 3 days ago14 views

CVE-2026-13385

The CVE-2026-13385 entry affects certain ASUS router models. It covers an vulnerability path where an attacker can perform a remote MITM to cause the device to download and execute arbitrary commands via a spoofed server, due to improper validation of the integrity check value and improper certif...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
CVE
CVE
added 3 days ago37 views

CVE-2025-65720

Open Source GPT Researcher v3.3.7 is affected by CVE-2025-65720, described as a remote code execution vulnerability. Attackers can cause arbitrary commands to run on a victim system by interacting with a crafted HTML page. The linked ENISA EUVD entry confirms the issue and references exploitation...

9.8CVSS6.4AI score0.00722EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

0.00722EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago13 views

PT-2026-58872

Name of the Vulnerable Software and Affected Versions ASUS router models affected versions not specified Description Improper Validation of Integrity Check Value and Improper Certificate Validation allow a remote man-in-the-middle MITM user to force the router to download and execute arbitrary...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-61498 Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via gen_graphs.php

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS0.02165EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago11 views

CVE-2026-59856

A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remo...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References5
Veracode
Veracode
added 5 days ago5 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/10 3:5 p.m.8 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 12:17 p.m.8 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 12:14 p.m.13 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-59858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 11:17 p.m.2 views

DEBIAN-CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

7.8CVSS6.2AI score0.00137EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/09 10:39 p.m.9 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:39 p.m.7 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/09 10:39 p.m.7 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
CVE
CVE
added 2026/07/09 10:37 p.m.14 views

CVE-2026-59858

Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...

8.4CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder