Lucene search
K

1093 matches found

NVD
NVD
added 2026/04/27 4:16 p.m.3 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS0.00558EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/04/27 3:8 p.m.33 views

CVE-2026-41462 ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS0.00558EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:8 p.m.5 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6.1AI score0.00558EPSS
Exploits2References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/22 9:44 p.m.3 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.1AI score0.01051EPSS
Exploits1References4
CNVD
CNVD
added 2026/04/20 12:0 a.m.7 views

PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

10CVSS5.9AI score0.00707EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of Dell PowerProtect Data Domain, which stem from improp...

7.2CVSS6.1AI score0.00882EPSS
Exploits0References1
Redos
Redos
added 2026/04/20 12:0 a.m.7 views

ROS-20260420-73-0032

Vulnerability in lxd is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

9.4CVSS6.1AI score0.00502EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/17 9:24 p.m.7 views

Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...

9.4CVSS6.1AI score0.00922EPSS
Exploits3References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 4:33 a.m.3 views

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS7.2AI score0.01203EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 4:33 a.m.3 views

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS7.3AI score0.01203EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain is a data protection and backup storage product for enterprise-class data backup, deduplication and disaster recovery. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly hand...

6.7CVSS6.1AI score0.00571EPSS
Exploits0References1
Redos
Redos
added 2026/04/17 12:0 a.m.8 views

ROS-20260417-73-0038

Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

7.7CVSS6.1AI score0.00248EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.6 views

ROS-20260417-73-0039

Vulnerability in zabbix7.4 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

7.7CVSS6.1AI score0.00248EPSS
Exploits0
Snyk
Snyk
added 2026/04/15 8:22 p.m.20 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...

9.2CVSS5.9AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.7 views

EUVD-2026-22945

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

6.6AI score0.00974EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 4:16 p.m.10 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6CVSS0.00405EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:3 p.m.3 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.2AI score0.11679EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Agent Zero 安全漏洞

Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.8 of Agent Zero contains a security vulnerability, which stems from a flaw in the external MCP server configuration function. This vulnerability could allow attackers to execute arbitrary operating system...

8.6CVSS6.1AI score0.00405EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.4 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

6.6AI score0.00405EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:7 a.m.29 views

CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

2CVSS0.00168EPSS
Exploits0References2
Rows per page
Query Builder