Lucene search
K

458025 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.719 views

Hikvision IP camera/NVR - Remote Command Execution

Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. id: CVE-2021-36260 info: name: Hikvisio...

9.8CVSS8.5AI score0.99869EPSS
Exploits23References5
Cvelist
Cvelist
added 2026/06/16 6:49 a.m.28 views

CVE-2026-8444 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 6:49 a.m.9 views

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:49 a.m.12 views

CVE-2026-8444

CVE-2026-8444 affects WordPress WP Review Slider Pro (get_results() without $wpdb-&gt;prepare(). This allows authenticated attackers with Subscriber-level access or higher to append additional SQL queries to existing queries and potentially extract sensitive database information. The provided met...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 6:16 a.m.11 views

CVE-2026-8443

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 5:33 a.m.27 views

CVE-2026-8443 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 5:33 a.m.13 views

CVE-2026-8443

CVE-2026-8443 affects the WordPress plugin WP Review Slider Pro (versions up to 12.6.8). The vulnerability is an SQL Injection in the wppro_get_overall_chart_data AJAX action, triggered via the stypes and slocations parameters. The root cause is the use of stripslashes() on user-supplied JSON pri...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 5:33 a.m.9 views

EUVD-2026-37037

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/16 5:23 a.m.9 views

Command Injection

aws-cdk-lib is vulnerable to Command Injection. The vulnerability is due to improper sanitization of user-controlled bundling properties in the NodejsFunction local bundling pipeline, which allows an attacker to inject shell metacharacters and execute arbitrary commands on the host running the CD...

7.3CVSS5.7AI score0.00936EPSS
Exploits1References7Affected Software1
GithubExploit
GithubExploit
added 2026/06/16 4:41 a.m.75 views

Exploit for CVE-2026-54686

CVE-2026-54686: Warp Remote SSH Command Injection PoC Desc...

6.1AI score0.00278EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/06/16 2:23 a.m.9 views

SUSE CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS5.5AI score0.00618EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:21 a.m.10 views

SUSE CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.9 views

SUSE CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.3CVSS5.8AI score0.00135EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:15 a.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with...

7.5CVSS6.8AI score0.00838EPSS
Exploits8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50110

Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...

8.1CVSS5.4AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50095

Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50127

Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A PHP Object Injection issue exists in the software. This occurs when an application deserializes untrusted data, allowing an attacker to manipulate the objects created and potentially execut...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-50115

Unauthenticated PHP Object Injection in Léonie = 1.2.1 versions...

8.1CVSS5.4AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50102

Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References2
Rows per page
Query Builder