Lucene search
+L

117 matches found

OSV
OSV
added 2026/01/22 8:21 p.m.5 views

GHSA-X6JC-PHWX-HP32 Incus container environment configuration newline injection

Summary A user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional configuration items in the container’s lxc.conf due to the newline injection. This c...

8.7CVSS6AI score0.00471EPSS
Exploits1References6
Snyk
Snyk
added 2026/01/01 6:28 a.m.3 views

Command Injection

Overview blackboard-core is an A Python SDK implementing the Blackboard Pattern for LLM-powered multi-agent systems Affected versions of this package are vulnerable to Command Injection due to unsafe host-level execution being reachable without a hard security gate or explicit acknowledgment. An...

9.8CVSS7.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-4281

Name of the Vulnerable Software and Affected Versions Incus versions 6.20.0 and below Description Incus is a system container and virtual machine manager. A user with the ability to launch a container with a custom YAML configuration can create an environment variable containing newlines. This ca...

8.7CVSS5.8AI score0.0053EPSS
Exploits2References102
ATTACKERKB
ATTACKERKB
added 2025/07/15 6:34 p.m.6 views

CVE-2025-41238

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI Paravirtualized SCSI controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine'...

9.3CVSS6.3AI score0.00393EPSS
Exploits0References2Affected Software5
Veracode
Veracode
added 2025/07/04 6:14 a.m.5 views

Incorrect Default Permissions

Vagrant is vulnerable to Incorrect Default Permissions. The vulnerability is due to the Vagrantfile being writable from within the guest VM and executed by the host, allowing a low-privileged attacker to achieve guest-to-host code execution...

6.3AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/02 9:32 p.m.17 views

HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

7.3AI score
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2024/11/06 12:0 a.m.5 views

happy-dom 代码注入漏洞

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom versions prior to 15.10.2, which originates from code execution on the host via script tags, leading to code...

9.3CVSS9.4AI score0.00741EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/12/25 12:0 a.m.4 views

RWS WorldServer Security Vulnerability

RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer prior to version 11.7.3 that stems from the ability to deserialize Java objects without authentication, which could lead to the execution of commands on th...

9.8CVSS7AI score0.01455EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.5 views

IBM Observability with Instana Security Vulnerability

IBM Observability with Instana is a powerful application performance monitoring solution from International Business Machines IBM that enables faster performance tracking and incident resolution. A security vulnerability exists in IBM Observability with Instana that originates from a successful D...

9.8CVSS7.5AI score0.00782EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.6 views

PT-2023-21675 · Ubiquiti · Unifi

Name of the Vulnerable Software and Affected Versions: UniFi versions 7.3.83 and earlier Description: A backup file vulnerability found in UniFi applications running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

9.1CVSS7.6AI score0.00757EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

Elastic Kibana 代码注入漏洞

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana version 8.7.0. An attacker can exploit this...

9.9CVSS8.3AI score0.00957EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.4 views

SUSE CVE-2014-0049

Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...

7.4CVSS6.4AI score0.00775EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.4 views

SUSE CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8CVSS7.6AI score0.0031EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/25 12:0 a.m.36 views

CVE-2023-24493

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a...

5.9AI score0.00727EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/24 4:15 p.m.7 views

CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8CVSS7.2AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2022/08/24 4:15 p.m.4 views

DEBIAN-CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8CVSS7.5AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2022/08/24 4:15 p.m.24 views

CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8CVSS7.5AI score0.0031EPSS
Exploits0References3
PyPA
PyPA
added 2022/08/24 4:15 p.m.8 views

PYSEC-2022-253

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8CVSS8.2AI score0.0031EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.3 views

PT-2022-11235 · Unknown · Ansible-Runner

Name of the Vulnerable Software and Affected Versions: ansible-runner affected versions not specified Description: A flaw was found in ansible-runner, where an improper escaping of the shell command, while calling the ansible runner.interface.run command, can lead to parameters getting executed a...

8.5CVSS7.5AI score0.0031EPSS
Exploits0References15
Fedora
Fedora
added 2022/07/30 1:55 a.m.14 views

[SECURITY] Fedora 36 Update: golang-github-appc-spec-0.8.11-15.fc36

This package contains schema definitions and tools for the App Container app c specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

7.3AI score
Exploits0
Rows per page
Query Builder