Lucene search
K

171 matches found

CVE
CVE
added 15 hours ago9 views

CVE-2026-15669

Technical details (affected products, vulnerable components, exploit vectors) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 15 hours ago7 views

CVE-2026-15669

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS5.7AI score
Exploits0References8Affected Software1
Cvelist
Cvelist
added 15 hours ago7 views

CVE-2026-15669 louisho5 picobot exec Tool exec.go ExecTool.Execute os command injection

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS
Exploits0References8
NVD
NVD
added 6 days ago8 views

CVE-2026-15035

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

7.8CVSS0.01338EPSS
Exploits1References7
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42271

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS5.8AI score0.01338EPSS
Exploits1References7
NVD
NVD
added 2026/07/03 3:16 p.m.10 views

CVE-2026-49813

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

6.7CVSS0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/28 2:30 p.m.35 views

CVE-2026-13501 antlr ANTLR4 gofmt GoTarget.java GoTarget command injection

A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection. The attack can only be performed fro...

5.3CVSS0.00678EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53112

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description Command injection is possible in the gofmt component via the GoTarget function located in the tool/src/org/antlr/v4/codegen/target/GoTarget.java file. This issue allows an attacker to execute arbitra...

5.3CVSS6.3AI score0.00678EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-13501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file...

5.3CVSS5.5AI score0.00678EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/15 5:30 a.m.2 views

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS5.7AI score0.01194EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

7.8CVSS6.3AI score0.25323EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-5833

A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been...

5.3CVSS5.4AI score0.00647EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 8:16 p.m.73 views

CVE-2026-47092

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...

7.8CVSS0.0051EPSS
Exploits0References4
NVD
NVD
added 2026/04/26 1:16 p.m.10 views

CVE-2026-7039

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS0.00653EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.11 views

Context Sync 命令注入漏洞

Context Sync is a local-first project memory tool developed by Mamba Personal Developer, based on MCP. Versions of Context Sync 2.0.0 and earlier had a command injection vulnerability, which originated from the os command injection present in the src/git-integration.ts file within the Git...

7.5CVSS7.1AI score0.01368EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.14 views

PT-2026-35222

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS5.1AI score0.00653EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.8 views

PT-2026-33437

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description Improper neutralization of special...

6.7CVSS6.1AI score0.00571EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.11 views

PT-2026-33438

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description Improper neutralization of special...

6.7CVSS6AI score0.00571EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/15 1:22 a.m.7 views

CVE-2026-6219

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function childprocess.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly...

5.3CVSS5.7AI score0.00683EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 9:30 p.m.4 views

EUVD-2026-22118

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function childprocess.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly...

5.3CVSS5.4AI score0.00683EPSS
Exploits0References7
Rows per page
Query Builder