117 matches found

EUVD
added 3 days ago | 8 views

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

AI score: 5.4 | EPSS: 0.02459 | Exploits: 0 | References: 2

Tenable Nessus
added 3 days ago | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-11527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle...

CVSS: 8.6 | AI score: 5.6 | EPSS: 0.00612 | Exploits: 0 | References: 3

RedhatCVE
added 2026/06/05 7:48 p.m. | 6 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00248 | Exploits: 0 | References: 1

NVD
added 2026/06/02 10:16 p.m. | 10 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

CVSS: 5.3 | EPSS: 0.00248 | Exploits: 0 | References: 8

ATTACKERKB
added 2026/06/02 9:30 p.m. | 7 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00248 | Exploits: 0 | References: 8

Vulnrichment
added 2026/06/02 9:30 p.m. | 7 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00248 | Exploits: 0 | References: 8

Positive Technologies
added 2026/06/02 12:0 a.m. | 6 views

PT-2026-45866

Name of the Vulnerable Software and Affected Versions: ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e. Description: An injection issue exists in the Open function within the src/blender mcp/server.py file. This occurs when the input image url argument is manipulated,...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00248 | Exploits: 0 | References: 12

CNNVD
added 2026/06/02 12:0 a.m. | 2 views

BlenderMCP Security Vulnerability

BlenderMCP is a 3D modeling control tool developed by ahujasid that connects Blender with AI. BlenderMCP has a security vulnerability, which stems from the operation of the Open function in the file src/blendermcp/server.py regarding the parameter inputimageurl, potentially leading to exploitatio...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00248 | Exploits: 0 | References: 8

OSV
added 2026/05/15 6:17 a.m. | 6 views

MGASA-2026-0138 Updated awstats packages fix security vulnerability

AWStats is vulnerable to Command Injection via the open function. CVE-2025-63261...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.01046 | Exploits: 1 | References: 3

RedhatCVE
added 2026/05/08 9:17 p.m. | 6 views

CVE-2026-43378

A flaw was found in the Linux kernel. Specifically, within the Server Message Block SMB server component, a use-after-free vulnerability exists in the smb2open function. This issue arises when an opinfo pointer is accessed after its memory has been deallocated, creating a window for potential...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00308 | Exploits: 0 | References: 4

CVE
added 2026/04/24 2:42 p.m. | 6 views

CVE-2026-31583

The CVE-2026-31583 issue affects the Linux kernel em28xx media driver. A race in em28xx_v4l2_open() occurs because dev->v4l2 is read without holding dev->lock, racing with em28xx_v4l2_init()/em28xx_v4l2_fini() that free the structure and set dev->v4l2 to NULL under lock. This leads to us...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00128 | Exploits: 0 | References: 9 | Affected Software: 1

RedHat Linux
added 2026/04/22 2:6 p.m. | 2 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVSS: 7 | AI score: 6 | EPSS: 0.00216 | Exploits: 0 | References: 7

RedHat Linux
added 2026/04/21 11:45 a.m. | 5 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVSS: 7 | AI score: 6 | EPSS: 0.00216 | Exploits: 0 | References: 7

NVD
added 2026/04/02 3:16 p.m. | 0 views

CVE-2026-34792

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVSS: 8.8 | EPSS: 0.01272 | Exploits: 0 | References: 2

Microsoft CVE
added 2026/03/26 8:5 a.m. | 0 views

can: mcp251x: fix deadlock in error path of mcp251x_open

...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00099 | Exploits: 0

EUVD
added 2026/03/20 9:31 p.m. | 2 views

EUVD-2025-208911

AWStats 8.0 is vulnerable to Command Injection via the open function...

AI score: 5.8 | EPSS: 0.01046 | Exploits: 1 | References: 3

NVD
added 2026/03/20 9:17 p.m. | 2 views

CVE-2025-63261

AWStats 8.0 is vulnerable to Command Injection via the open function...

CVSS: 7.8 | EPSS: 0.01046 | Exploits: 1 | References: 3

OSV
added 2026/03/20 9:17 p.m. | 1 views

DEBIAN-CVE-2025-63261

AWStats 8.0 is vulnerable to Command Injection via the open function...

CVSS: 7.8 | AI score: 5.2 | EPSS: 0.01046 | Exploits: 1 | References: 1

UbuntuCve
added 2026/03/20 9:17 p.m. | 3 views

CVE-2025-63261

AWStats 8.0 is vulnerable to Command Injection via the open function...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.01046 | Exploits: 1 | References: 3

OSV
added 2026/03/20 9:17 p.m. | 3 views

UBUNTU-CVE-2025-63261

AWStats 8.0 is vulnerable to Command Injection via the open function...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.01046 | Exploits: 1 | References: 4