Lucene search
K

7701 matches found

CVE
CVE
added 2026/06/24 9:21 p.m.10 views

CVE-2026-54759

SiYuan’s Lute HTML sanitizer (prior to version 3.7.0) fails to remove elements. When combined with the SiYuan Electron client’s permissive security configuration, a malicious in a Bazaar package README can trigger arbitrary command execution on the victim’s machine when package details are view...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS6.2AI score0.00207EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 6:24 p.m.9 views

Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository

Summary mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/, .mise/tasks/, … but no config file, mise falls back to the default includes and...

8.6CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/23 2:19 a.m.6 views

SUSE CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.5CVSS6.7AI score0.00414EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

RHEL 9 : vim (RHSA-2026:28133)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28133 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

8.2CVSS7.3AI score0.00552EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.10 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6.4AI score0.0047EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 9:53 p.m.6 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6.4AI score0.0047EPSS
Exploits0References8
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22321-1 Security update for python-click

This update for python-click fixes the following issue - CVE-2026-7246: Arbitrary command execution via command injection in click.edit bsc1263898...

7.2CVSS5.9AI score0.0081EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2026/06/22 12:0 a.m.3 views

The vulnerabilities in the scripts system_mgr.cgi, account_mgr.cgi, dsk_mgr.cgi, and app_mgr.cgi of the D-Link DNS-320 network storage software allow attackers to execute arbitrary commands.

The vulnerability in the scripts systemmgr.cgi, accountmgr.cgi, dskmgr.cgi, and appmgr.cgi of the D-Link DNS-320 network storage software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability can allow an...

7.2CVSS6.3AI score0.04544EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51386

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...

9.6CVSS6AI score0.00685EPSS
Exploits0References7
Debian
Debian
added 2026/06/21 4:50 p.m.16 views

[SECURITY] [DSA 6358-1] libhttp-daemon-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2026 https://www.debian.org/security/faq -...

9.1CVSS6AI score0.01452EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without...

8.8CVSS6AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/19 4:28 p.m.5 views

CVE-2026-56211 Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.7AI score0.00414EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/19 4:28 p.m.7 views

EUVD-2026-38047

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.7AI score0.00414EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50984

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

7.1CVSS6AI score0.00414EPSS
Exploits0References36
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.23 views

CVE-2026-56075 PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS0.00476EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 8:41 p.m.9 views

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the PATH environment variable influencing the selection of the trash executable during maintenance tasks. An attacker can execute unintended local executables by...

7.2CVSS5.9AI score0.00119EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 6:35 p.m.6 views

Unsafe Dependency Resolution

Overview @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. A...

8.8CVSS6.3AI score0.00231EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 6:35 p.m.12 views

[Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References6Affected Software3
Snyk
Snyk
added 2026/06/18 2:26 p.m.4 views

Incorrect Authorization

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Incorrect Authorization via the shell function. An attacker can execute arbitrary shell commands with the privileges of the runni...

8.8CVSS6AI score
Exploits0References4
Rows per page
Query Builder