Lucene search
K

45071 matches found

RedhatCVE
RedhatCVE
added 5 days ago12 views

CVE-2026-53488

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...

9.4CVSS6.1AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 5 days ago14 views

CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS0.00235EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40925

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

9.5CVSS5.9AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-50043

SkyBridge MB-A100/MB-A110 are affected by CVE-2026-50043: improper neutralization of special elements used in an OS command (OS Command Injection). If an attacker can log in with administrative privileges, arbitrary OS commands may be executed. The connected documents do not specify a patch or wo...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References2
Nuclei
Nuclei
added 5 days ago450 views

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

9.8CVSS7.8AI score0.99628EPSS
Exploits13References7
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-53488 containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS0.00203EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-40860

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS5.9AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 5 days ago55 views

CVE-2026-53488

CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...

9.4CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago3 views

PT-2026-54750

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the translate text.php file passes the id GET parameter directly...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References5
NVD
NVD
added 6 days ago6 views

CVE-2026-56415

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS0.03074EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago22 views

CVE-2026-56413 OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...

10CVSS0.03081EPSS
Exploits0References3
NVD
NVD
added 6 days ago5 views

CVE-2026-7873

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40381

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS6AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-27957 Coolify: Authenticated RCE via command injection in CA certificate management feature

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH...

8.8CVSS0.00658EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago4 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6AI score0.00552EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 6 days ago7 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.2CVSS6.4AI score0.00552EPSS
Exploits0References5
The Hacker News
The Hacker News
added 6 days ago11 views

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...

9.6CVSS7.8AI score0.29641EPSS
Exploits1
RedHat Linux
RedHat Linux
added 6 days ago8 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00654EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-40256

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...

8.4CVSS5.9AI score0.00677EPSS
Exploits0References3
Rows per page
Query Builder