Lucene search
K

7701 matches found

Cvelist
Cvelist
added 2026/06/18 2:22 p.m.21 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.4CVSS0.00272EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 3:34 a.m.15 views

EUVD-2026-37834

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50689

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description The AI chat agent processes workspace file and directory names as part of its prompt context without distinguishing them from system instructions. This allows for indirect prompt injection,...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References10
CVE
CVE
added 2026/06/17 2:8 p.m.22 views

CVE-2026-55743

OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...

9.6CVSS6.7AI score0.00704EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.14 views

CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 4:56 a.m.31 views

CVE-2026-53876

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS0.01786EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50502

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A user with the "admin" Splunk role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. This is caused by an unsafe shell execution pattern in the btool...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References8
OSV
OSV
added 2026/06/16 11:46 a.m.10 views

BIT-MARIADB-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00567EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.35 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

0.0056EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 11:16 p.m.20 views

CVE-2026-42846

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

9.8CVSS0.00603EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 9:41 p.m.38 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS0.0055EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/11 6:32 p.m.40 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48788

Name of the Vulnerable Software and Affected Versions Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2 Idira Privileged Session Manager for SSH PSMP versions prior to 14.6.3 Idira Privileged Session Manager for SSH PSMP versions prior to 14.2.5 Idira Privileged Session Manag...

8.8CVSS5.7AI score0.0055EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

ClipBucket V5 操作系统命令注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 140 – contained an operating system command injection vulnerability. This vulnerability stemmed from the remote playback feature allowing direct...

9.8CVSS5.6AI score0.00603EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:6 a.m.16 views

EUVD-2026-35972

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.00988EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 3:4 a.m.10 views

CVE-2025-66273 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.01049EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48360

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.01049EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48361

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.9.3410 build 20260214 QuTS hero versions prior to h5.2.9.3410 build 20260214 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3397 build 20260206 Description A command injectio...

8.6CVSS6.2AI score0.01049EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 6:31 p.m.55 views

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00945EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/09 11:18 a.m.8 views

github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit()

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system OS commands. This could lead to unauthorized control over the affected system...

7.2CVSS5.8AI score0.0081EPSS
Exploits1References6
Rows per page
Query Builder