Lucene search
+L

87 matches found

CNVD
CNVD
added 2026/01/30 12:0 a.m.10 views

IBM Concert Code Issue Vulnerability

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a code issue vulnerability that stems from not validating the content of files uploaded to the web interface, which can be...

8.8CVSS5.7AI score0.0026EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/03 4:27 p.m.18 views

Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...

9.8CVSS8.1AI score0.00639EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-18483

Malware in sbrugna...

8.1CVSS7.7AI score0.01108EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-4343

Malware in sbrugna...

6.9CVSS7.5AI score0.00492EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-0430

Malware in sbrugna...

8.8CVSS7.9AI score0.00168EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23390

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00356EPSS
Exploits0References3
OSV
OSV
added 2025/08/25 4:21 p.m.7 views

GHSA-4GV9-MP8M-592R Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

8.8CVSS7.5AI score0.00433EPSS
Exploits0References4
Veracode
Veracode
added 2025/08/20 7:30 a.m.9 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...

6.5CVSS7.6AI score0.00356EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.6 views

Shopware 6.6.10.4 Race Condition

A race condition exists within the voucher system of the Shopware Core. Successful exploitation of this vulnerability allows an attacker to bypass voucher usage limits during the checkout process. This vulnerability exists due to the fact that validation of voucher codes is not an atomic operatio...

6CVSS6.5AI score0.00379EPSS
Exploits1
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.5 views

WordPress plugin WP Optimize By xTraffic 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...

9.8CVSS7.3AI score0.00461EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.6 views

Configuration Change Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.6 views

PT-2025-4050 · Unknown · Esafenet Cdg V5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A problematic issue was found in ESAFENET CDG V5, affecting unknown code of the file "doneDetail.jsp". The manipulation of the curpage argument leads to cross site scripting. The attack can be initiated remotely...

6.1CVSS3.6AI score0.00366EPSS
Exploits1References9
NVD
NVD
added 2024/09/20 8:15 a.m.13 views

CVE-2024-41721

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution...

8.1CVSS0.00776EPSS
Exploits0References2
OSV
OSV
added 2024/06/25 1:48 p.m.6 views

MAL-2024-6678 Malicious code in area-code_validator (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b970fe360a75d2f70235b2034410e809c8333c22b6aaeda04dcde329417eded1 --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/16 9:3 a.m.13 views

CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

9.8CVSS8AI score0.00968EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/16 9:3 a.m.28 views

CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

9.8CVSS9.9AI score0.00968EPSS
Exploits1References2
OSV
OSV
added 2024/05/16 9:3 a.m.16 views

CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

9.8CVSS7.5AI score0.00968EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/05/02 12:30 p.m.21 views

CraftBeerPi 4 allows arbitrary code execution

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...

9.8CVSS7.6AI score0.01139EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/05/02 9:43 a.m.23 views

CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4:...

7.5AI score0.01139EPSS
Exploits0References3
Veracode
Veracode
added 2024/03/28 7:35 a.m.24 views

Remote Code Execution (RCE)

johnbillion/wp-crontrol is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of PHP code, which can result RCE...

8.1CVSS7.5AI score0.00165EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder