Lucene search
K

15302 matches found

Cvelist
Cvelist
added 2026/07/01 4:20 p.m.33 views

CVE-2026-34112 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:17 p.m.17 views

CVE-2026-34108

The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.27 views

CVE-2026-56264 Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...

9.2CVSS0.00334EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:8 p.m.14 views

CVE-2026-56264

CVE-2026-56264 affects Crawl4AI prior to 0.8.7. The Docker API server’s /execute_js endpoint accepts and executes arbitrary JavaScript in the server’s browser context with --disable-web-security enabled, enabling an attacker to run arbitrary JS and, given relaxed browser security, perform server-...

9.2CVSS6.2AI score0.00334EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.4 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.2 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
Metasploit
Metasploit
added 2026/06/29 7:4 p.m.145 views

Linux Execute Command

Execute an arbitrary command. Module Options msf use payload/linux/loongarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run frozenstringliteral: true This module requires Metasploit:...

6AI score
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-551 terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10CVSS6.1AI score0.01891EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:18 a.m.8 views

Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:2 a.m.10 views

Malicious code in polymarket-clob-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:12 p.m.14 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS5.8AI score0.0036EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:12 p.m.31 views

CVE-2026-48800 Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS0.0036EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:11 p.m.8 views

CVE-2026-52884

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check PathIsPrefix or equivalent that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...

7.8CVSS5.8AI score0.00155EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS5.9AI score0.00129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 1:3 a.m.5 views

CVE-2026-53200

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64 architectures. This vulnerability arises from incorrect handling of the Execute Never XN bit, a memory protection feature, when the FEATXNX feature is not enabled. This error can lead to execute permissions being...

8.8CVSS6.2AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS0.00129EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53200 KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS0.00129EPSS
Exploits0References2
Rows per page
Query Builder