Lucene search

89 matches found

OSV
added 2026/02/25 6:9 p.m. · 4 views

GHSA-JMHP-5558-QXH5 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Summary An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details The vulnerability exists in...

9.9 CVSS · 6.6 AI score · 0.01729 EPSS
Exploits 1 · References 4

NVD
added 2026/02/25 5:25 p.m. · 12 views

CVE-2026-27728

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...

9.9 CVSS · 0.01729 EPSS
Exploits 1 · References 2

CVE
added 2026/02/25 4:25 p.m. · 14 views

CVE-2026-27728

OneUptime prior to v10.0.7 contains an OS command injection vulnerability in NetworkPathMonitor.performTraceroute() that allows an authenticated project user to inject shell metacharacters into a monitor destination, enabling arbitrary commands on the Probe server. Affected version: before 10.0.7...

9.9 CVSS · 6.2 AI score · 0.01729 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2026/02/25 4:25 p.m. · 22 views

CVE-2026-27728 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...

9.9 CVSS · 0.01729 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2026/02/25 2:33 a.m. · 5 views

CVE-2026-27615

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This...

8.8 CVSS · 5.8 AI score · 0.00207 EPSS
Exploits 1 · References 2

Positive Technologies
added 2026/02/25 12:0 a.m. · 7 views

PT-2026-21959

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.7 Description OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...

9.9 CVSS · 5.8 AI score · 0.01729 EPSS
Exploits 1 · References 13

GithubExploit
added 2026/01/22 5:55 p.m. · 160 views

Exploit for CVE-2026-22444

CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...

7.1 CVSS · 5.7 AI score · 0.00654 EPSS
Exploits 1

Positive Technologies
added 2025/12/30 12:0 a.m. · 4 views

PT-2025-54227

Name of the Vulnerable Software and Affected Versions inMusic Brands Engine DJ version 4.3.0 Description Engine DJ version 4.3.0 is affected by an issue with insecure permissions. An exposed HTTP service within the Remote Library feature allows attackers to access all files and network paths...

7.5 CVSS · 6.7 AI score · 0.00377 EPSS
Exploits 1 · References 8

CNNVD
added 2025/12/30 12:0 a.m. · 6 views

inMusic Engine DJ Security Vulnerability

inMusic Engine DJ is a suite of professional DJ software from inMusic USA. A security vulnerability exists in inMusic Engine DJ version 4.3.0, which stems from an insecure privilege in the exposed HTTP service in the remote library that could lead to access to all files and network paths...

7.5 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits 1 · References 4

OSV
added 2025/11/21 6:17 p.m. · 7 views

CVE-2025-30201 Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leadin...

7.7 CVSS · 8.2 AI score · 0.00688 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/11/12 6:26 p.m. · 3 views

CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...

5.3 CVSS · 6.8 AI score · 0.00253 EPSS
Exploits 0 · References 1

OSV
added 2025/11/12 6:26 p.m. · 7 views

CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...

5.3 CVSS · 7.1 AI score · 0.00253 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-28141

Malicious code in bioql PyPI...

9.6 CVSS · 9.1 AI score · 0.00272 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 22 views

EUVD-2024-47650

Malicious code in bioql PyPI...

9.8 CVSS · 8.9 AI score · 0.75812 EPSS
Exploits 3 · References 2

GithubExploit
added 2025/09/05 12:32 a.m. · 172 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulne...

6.5 CVSS · 7.3 AI score · 0.25068 EPSS
Exploits 21

Tenable Nessus
added 2025/08/12 12:0 a.m. · 3 views

Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse

According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...

9.1 CVSS · 5.5 AI score · 0.00449 EPSS
Exploits 0 · References 2

Packet Storm
added 2025/05/27 12:0 a.m. · 94 views

KRUKSTON BISTRO 1.0 SQL Injection

KRUKSTON BISTRO version 1.0 suffers from a remote SQL injection vulnerability. Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05/27/2025 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference:...

8.5 AI score
Exploits 0

Positive Technologies
added 2025/04/10 12:0 a.m. · 11 views

PT-2025-15974 · Unknown +1 · Jenkins/Ssh-Slave +1

Name of the Vulnerable Software and Affected Versions: Jenkins/ssh-slave Docker images based on Debian affected versions not specified Description: The issue arises from SSH host keys being generated on image creation for Jenkins/ssh-slave Docker images based on Debian. This results in all...

9.1 CVSS · 6 AI score · 0.00449 EPSS
Exploits 0 · References 15

RedhatCVE
added 2025/02/05 9:32 a.m. · 7 views

CVE-2024-30209

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

9.6 CVSS · 6.5 AI score · 0.00272 EPSS
Exploits 0 · References 1

SUSE CVE
added 2024/10/22 2:23 p.m. · 3 views

SUSE CVE-2022-48972

In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x3...

5.5 CVSS · 6.7 AI score · 0.0028 EPSS
Exploits 0 · References 10