Lucene search
K

2255 matches found

Nuclei
Nuclei
added 3 days ago83 views

TerraMaster TOS - Unauthenticated Remote Command Execution

TerraMaster TOS = 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. id: CVE-2020-28188 info: name: TerraMaster TOS - Unauthenticated Remote Command Execution...

10CVSS7.5AI score0.96598EPSS
Exploits3References5
CVE
CVE
added 5 days ago10 views

CVE-2026-59855

The CVE affects SiYuan prior to version 3.7.1 where Asset.render (app/src/asset/index.ts) interpolates unsanitized this.path into innerHTML. This allows a crafted asset link containing a double quote to break the src attribute and inject an event handler, enabling JavaScript execution that can ru...

8.6CVSS6AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.36 views

CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/01 4:21 p.m.38 views

CVE-2026-34113 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech_text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 7:13 p.m.43 views

CVE-2026-7873 Code Injection Vulnerability in Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:13 p.m.34 views

CVE-2026-7873

CVE-2026-7873 affects Langflow OSS 1.0.0–1.10.0. IBM’s advisory attributes the flaw to the code validation endpoint’s logic, which could cause authenticated attackers to execute arbitrary OS commands and read sensitive files (including credentials) due to how function definitions were compiled/ex...

9.9CVSS6AI score0.00294EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52103

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled supervisord exposes an XML-RPC interface on port 9001, which is accessible from outside the container through a Caddy reverse-proxy route at the '/supervisor/' endpoint. An authenticated...

8.9CVSS6AI score0.00271EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:27 p.m.6 views

CVE-2026-56395

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49603

Name of the Vulnerable Software and Affected Versions Zyxel GS1900-48HPv2 versions prior to 2.90ABTQ.1C0 Description A stack-based buffer overflow exists in the CGI program. This flaw allows an unauthenticated attacker on the local area network LAN to potentially execute operating system commands...

8.8CVSS5.8AI score0.00315EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 3:50 p.m.33 views

CVE-2026-0419 Insufficient input validation vulnerability in NETGEAR JR6150

Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...

7.3CVSS0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 11:4 p.m.6 views

GHSA-HRJ8-HJV8-MGWC Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...

9CVSS6AI score0.00048EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45879

Name of the Vulnerable Software and Affected Versions alf.io versions prior to 2.0-M5-2606 Description A sandbox escape issue in the extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the server. The system uses a sandboxed Rhino...

8CVSS6.3AI score0.00211EPSS
Exploits0References10
Metasploit
Metasploit
added 2026/05/29 7:2 p.m.271 views

Apache ActiveMQ RCE via Jolokia addNetworkConnector

Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...

8.8CVSS7AI score0.96666EPSS
Exploits13
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:3 p.m.10 views

CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:41 p.m.14 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 3:41 p.m.11 views

CVE-2026-44962

Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This allows an authenticated, low-privileged user to execute arbitrary operating system commands on the...

9.9CVSS6.1AI score0.00686EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:22 a.m.118 views

CVE-2026-8450

CVE-2026-8450 affects HTTP::Daemon before 6.17 (Perl). The vulnerability allows OS command execution via the send_file() function, which opens its string argument with Perl’s 2-arg open(). The 2-arg form supports magic prefixes: “| cmd” and “cmd |” to pipe to a subprocess, and “&gt; path”/“&gt;&g...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References11
OSV
OSV
added 2026/05/27 4:22 a.m.2 views

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

9.1CVSS5.9AI score0.01452EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Node-EJS

The ejs also known as Embedded JavaScript templates package version 3.1.6 for Node.js enables server-side template injection in settings view optionsoutputFunctionName. This is parsed as an internal option, and the outputFunctionName option is overwritten with an arbitrary OS command which is...

9.8CVSS7AI score0.32808EPSS
Exploits7References2
Rows per page
Query Builder