
8010 matches found

Nuclei
added 2 days ago | 63 views

Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

CVSS 9.3 | AI score 7.6 | EPSS 0.99652
Exploits: 9 | References: 5

Cvelist
added 2 days ago | 31 views

CVE-2026-8482 Information leak in NSRPC client history

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included, 5.0.0 to 5.0.5 included. There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

CVSS 4.3 | EPSS 0.00212
Exploits: 0 | References: 1

CVE
added 2 days ago | 6 views

CVE-2026-8482

StormShield Network Security versions affected: 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. A disclosed information-leak vulnerability arises when administration commands are executed via the CLI tool. If an attacker gains SSH access to the firewall (in SSH multiuser mode), they may obtain sensi...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1

EUVD
added 2 days ago | 5 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included, 5.0.0 to 5.0.5 included. There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1

NVD
added 3 days ago | 5 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

CVSS 7.8 | EPSS 0.0017
Exploits: 0 | References: 1

RedHat Linux
added 4 days ago | 4 views

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

CVSS 8.1 | AI score 7.2 | EPSS 0.00817
Exploits: 1 | References: 5

CVE
added 5 days ago | 11 views

CVE-2026-13752

CVE-2026-13752 affects Snowflake CLI prior to 3.19. Improper neutralization of parameters in certain CLI paths allows unintended SQL execution within the user’s Snowflake session when crafted values reach vulnerable parameters (e.g., via socially engineered input, malicious repository configurati...

CVSS 8 | AI score 5.9 | EPSS 0.00188
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 5 days ago | 30 views

CVE-2026-13752 Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

CVSS 6 | EPSS 0.00188
Exploits: 0 | References: 1

EUVD
added 5 days ago | 5 views

EUVD-2026-40149

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

CVSS 6 | AI score 5.9 | EPSS 0.00188
Exploits: 0 | References: 1

NVD
added 5 days ago | 8 views

CVE-2026-13744

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

CVSS 8.8 | EPSS 0.0032
Exploits: 0 | References: 1

NVD
added 5 days ago | 7 views

CVE-2026-13746

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

CVSS 5.4 | EPSS 0.0013
Exploits: 0 | References: 1

Cvelist
added 5 days ago | 34 views

CVE-2026-13751 Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

CVSS 4.1 | EPSS 0.00118
Exploits: 0 | References: 1

EUVD
added 5 days ago | 5 views

EUVD-2026-40137

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

CVSS 5.5 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 1

EUVD
added 5 days ago | 6 views

EUVD-2026-40135

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

CVSS 8.8 | AI score 6.5 | EPSS 0.0037
Exploits: 0 | References: 1

CVE
added 5 days ago | 9 views

CVE-2026-13744

CVE-2026-13744 affects Snowflake CLI versions prior to 3.19. The vulnerability arises from improper neutralization of attacker-controlled content, allowing unintended SQL execution when a victim processes crafted repository content, project configuration, manifest data, or specification input thr...

CVSS 8.8 | AI score 5.9 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 5 days ago | 10 views

PT-2026-53309

Name of the Vulnerable Software and Affected Versions: Snowflake CLI versions prior to 3.19. Description: Improper neutralization of attacker-controlled content allows unintended SQL execution. An attacker can execute arbitrary SQL within the context of a victim user's Snowflake session by providing...

CVSS 8.8 | AI score 6.1 | EPSS 0.0032
Exploits: 0 | References: 4

Positive Technologies
added 5 days ago | 9 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions: Snowflake CLI versions prior to 3.19. Description: Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

CVSS 8 | AI score 6.1 | EPSS 0.00188
Exploits: 0 | References: 5

OSSF Malicious Packages
added 6 days ago | 10 views

Malicious code in skillspector (PyPI)

Source: amazon-inspector 8c77584b4e40db9023ca0b8a90fa1bd611c859ed486f99ca3a7c9a83dbfa9877 This package presents itself as a redistribution of NVIDIA/skillspector pyproject Homepage points to github.com/NVIDIA/skillspector and the source...

AI score 5.9
Exploits: 0 | References: 2

Fedora
added last week | 5 views

[SECURITY] Fedora 44 Update: docker-buildx-0.35.0-1.fc44

Docker CLI plugin for extended build capabilities with BuildKit...

CVSS 8.8 | AI score 6.3 | EPSS 0.004
Exploits: 0

Fedora
added 2026/06/27 12:57 a.m. | 3 views

[SECURITY] Fedora 43 Update: docker-buildx-0.35.0-1.fc43

Docker CLI plugin for extended build capabilities with BuildKit...

CVSS 8.8 | AI score 6.3 | EPSS 0.004
Exploits: 0