Lucene search
K

702 matches found

EUVD
EUVD
added 2026/02/16 9:30 a.m.7 views

EUVD-2026-6119

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

7.5CVSS5.5AI score0.02249EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/16 7:32 a.m.38 views

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

7.5CVSS0.02249EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/16 7:32 a.m.5 views

CVE-2026-2544

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

7.5CVSS5.4AI score0.02249EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/16 7:32 a.m.21 views

CVE-2026-2544

CVE-2026-2544 affects yued-fe LuLu UI up to version 3.0.0. The vulnerability lies in the run.js file’s use of child_process.exec, enabling os command injection via remote attack. Multiple sources confirm the issue and remote exploitability, with vendor contact noted but no response. CVSS scores i...

7.5CVSS7.1AI score0.02249EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/16 7:32 a.m.5 views

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function childprocess.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

7.5CVSS7AI score0.02249EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.8 views

LuLu UI 操作系统命令注入漏洞

LuLu UI is a native UI component library developed by yued-fe. Versions of LuLu UI 3.0.0 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the childprocess.exec function in the run.js file, which allowed for command injection via os...

7.5CVSS7.2AI score0.02249EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.6 views

CVE-2026-26029

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6AI score0.00911EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/11 9:25 p.m.26 views

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS0.00911EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/11 9:25 p.m.5 views

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6AI score0.00911EPSS
Exploits0References2
OSV
OSV
added 2026/02/11 9:25 p.m.5 views

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6.1AI score0.00911EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

sf-mcp-server 操作系统命令注入漏洞

sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using childprocess.exec to handle user input, which may lead to command injection attacks...

7.5CVSS5.8AI score0.00911EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/01/20 12:0 a.m.26 views

VulnCheck KEV: CVE-2025-2857

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

10CVSS5.8AI score0.08404EPSS
In wildExploits6References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001790 advisory. The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users...

4.7CVSS5.6AI score0.0038EPSS
Exploits0References16
GithubExploit
GithubExploit
added 2026/01/14 10:25 a.m.174 views

RCE-Exploit-Tools

RCE Exploit Research Tools Project Overview This repository cont...

7.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/12/30 7:5 p.m.4 views

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

7.5CVSS8.4AI score0.01944EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.6 views

Serverless Framework 命令注入漏洞

Serverless Framework is a cloud service hosting tool from Serverless open source. A command injection vulnerability exists in Serverless Framework versions 4.29.0 through prior to 4.29.3, which stems from improper cleanup of input parameters to childprocess.exec, which could lead to remote code...

7.5CVSS6.1AI score0.01944EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/12/19 8:18 p.m.7 views

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

8.4CVSS7.8AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 8:15 p.m.6 views

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

8.4CVSS0.00166EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 7:57 p.m.5 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 2025/12/18 7:57 p.m.11 views

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References3
Rows per page
Query Builder