CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

SUSE CVE•added 2026/03/25 12:26 a.m.•3 views

SUSE CVE-2026-28280

osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting XSS vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The paylo...

8.7CVSS6AI score0.00227EPSS

Exploits0References3

OSV•added 2026/03/10 6:28 p.m.•4 views

GO-2026-4576 osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List in github.com/jmpsec/osctrl

osctrl has Stored Cross-Site Scripting XSS in On-Demand Query List in github.com/jmpsec/osctrl...

8.7CVSS5.8AI score0.00227EPSS

Exploits0References4

OSV•added 2026/03/10 6:28 p.m.•2 views

GO-2026-4579 osctrl is Vulnerable to OS Command Injection via Environment Configuration in github.com/jmpsec/osctrl

osctrl is Vulnerable to OS Command Injection via Environment Configuration in github.com/jmpsec/osctrl...

8.4CVSS5.8AI score0.009EPSS

Exploits0References4

EUVD•added 2026/02/28 2:7 a.m.•7 views

EUVD-2026-8923

osctrl has Stored Cross-Site Scripting XSS in On-Demand Query List...

8.7CVSS5.9AI score0.00227EPSS

Exploits0References4

Github Security Blog•added 2026/02/28 2:7 a.m.•8 views

osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List

Summary A stored Cross-site Scripting XSS vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payload is stored and executes in the browser of any user...

8.7CVSS6.1AI score0.00227EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/28 2:7 a.m.•5 views

GHSA-4RV8-5CMM-2R22 osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List

6.1CVSS6.1AI score0.00227EPSS

Exploits0References5

Github Security Blog•added 2026/02/28 2:5 a.m.•12 views

osctrl is Vulnerable to OS Command Injection via Environment Configuration

Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...

8.4CVSS6.7AI score0.009EPSS

Exploits0References5Affected Software1

EUVD•added 2026/02/28 2:5 a.m.•6 views

EUVD-2026-8922

osctrl is Vulnerable to OS Command Injection via Environment Configuration...

8.4CVSS6AI score0.009EPSS

Exploits0References4

OSV•added 2026/02/28 2:5 a.m.•4 views

GHSA-RCHW-322G-F7RM osctrl is Vulnerable to OS Command Injection via Environment Configuration

7.3CVSS6.7AI score0.009EPSS

Exploits0References5

RedhatCVE•added 2026/02/28 1:55 a.m.•8 views

CVE-2026-28280

8.7CVSS6AI score0.00227EPSS

Exploits0References1

RedhatCVE•added 2026/02/28 1:54 a.m.•3 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

8.4CVSS6.7AI score0.009EPSS

Exploits0References1

Snyk•added 2026/02/27 3:21 a.m.•4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the osctrl-admin environment configuration. An attacker can execute arbitrary shell commands on every endpoint that enrolls using a compromised environment by injecting commands into the hostname parameter, which ar...

8.4CVSS6.2AI score0.009EPSS

Exploits0References2

Snyk•added 2026/02/27 3:21 a.m.•3 views

Command Injection

8.4CVSS6.2AI score0.009EPSS

Exploits0References2

NVD•added 2026/02/26 11:16 p.m.•5 views

CVE-2026-28279

8.4CVSS0.009EPSS

Exploits0References3

NVD•added 2026/02/26 11:16 p.m.•7 views

CVE-2026-28280

8.7CVSS0.00227EPSS

Exploits0References3

Vulnrichment•added 2026/02/26 11:0 p.m.•3 views

CVE-2026-28280 `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List

6.1CVSS6AI score0.00227EPSS

Exploits0References3

ATTACKERKB•added 2026/02/26 11:0 p.m.•3 views

CVE-2026-28280

8.7CVSS7.4AI score0.00227EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/02/26 11:0 p.m.•24 views

CVE-2026-28280 `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List

6.1CVSS0.00227EPSS

Exploits0References3

CVE•added 2026/02/26 11:0 p.m.•12 views

CVE-2026-28280

The CVE-2026-28280 entry concerns osctrl (an osquery management solution). Prior to version 0.5.0, there is a stored cross-site scripting (XSS) vulnerability in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when ...

8.7CVSS5.5AI score0.00227EPSS

Exploits0References3Affected Software1

OSV•added 2026/02/26 11:0 p.m.•8 views

CVE-2026-28280 `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List

6.1CVSS5.9AI score0.00227EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by