Lucene search
K

75 matches found

SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.37 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS0.00219EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 7:16 p.m.9 views

UBUNTU-CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:32 p.m.35 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS0.00219EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/11 6:32 p.m.6 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/11 6:32 p.m.9 views

EUVD-2026-36281

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS5.9AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48705

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0495 Description A Vimscript code injection exists in the s:NetrwBookHistSave function within the netrw plugin. The issue occurs when serializing browsed directory paths to the history file /.vim/.netrwhist. A directo...

8.8CVSS5.7AI score0.00219EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2026/05/24 5:0 a.m.8 views

CVE-2026-9356 SourceCodester Hospitals Patient Records Management System manage_history.php sql injection

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.11 views

PT-2026-42914

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/23 10:15 p.m.13 views

EUVD-2026-31554

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/12 4:56 p.m.35 views

CVE-2026-43891 changedetection.io: Arbitrary Local File Read via crafted backup restore

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS0.00354EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 4:56 p.m.21 views

CVE-2026-43891

Summary: CVE-2026-43891 and related advisories describe an arbitrary local file read in changedetection.io caused by trusting attacker-controlled history.txt entries restored via crafted backups. Prior to 0.55.1, history values containing path separators are treated as filesystem paths and can re...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 9:16 p.m.12 views

changedetection.io has an Arbitrary Local File Read via a crafted backup restore

Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into th...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2026/04/11 5:12 a.m.6 views

Sensitive Information Disclosure

Apache Cassandra is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing sensitive data such as passwords in plaintext within the cqlsh history file, which allows an attacker with local access to read and retrieve sensitive information...

5.5CVSS5.8AI score0.00162EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.8 views

CVE-2026-27315

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...

5.5CVSS5.8AI score0.00162EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/07 6:31 p.m.8 views

Apache Cassandra has sensitive Information Leak in cqlsh

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...

5.5CVSS5.9AI score0.00162EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 4:40 p.m.4 views

CVE-2026-27315 Apache Cassandra: cqlsh history sensitive information leak

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...

5.9AI score0.00162EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : MongoDB vulnerabilities (USN-8064-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8064-1 advisory. Eliot Horowitz discovered that MongoDB may fail to validate some instances of malformed BSON. A remote attacker could possibly use this...

6.5CVSS6AI score0.028EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/27 3:50 p.m.5 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the clihistory feature. An attacker can access sensitive command history and API request/response data by reading the history database file if it is created with default permissions on a multi-user Unix...

4.9CVSS6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/03 3:55 a.m.4 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

8.2CVSS5.4AI score0.00198EPSS
Exploits0References2
Rows per page
Query Builder