340 matches found

Source: Cvelist | added yesterday

CVE-2026-56415 OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, ...

CVSS 10 | Exploits 0 | References 3
Source: EUVD | added yesterday

EUVD-2026-40265

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with root privilege by a user who can log in to the web management console of the affected product ...

CVSS 8.6 | AI score 7.3 | EPSS 0.0155 | Exploits 0 | References 2
Source: Nuclei | added yesterday

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected comman...

CVSS 10 | AI score 6 | EPSS 0.12334 | Exploits 2 | References 4
Source: ATTACKERKB | added 2 days ago

CVE-2026-58000

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration ...

CVSS 8.8 | AI score 6 | EPSS 0.01401 | Exploits 0 | References 4
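The four command-injection entries above (StoneFly debug.pl, AVTECH, EnShare usbinteract.cgi and the luci-proto-openvpn clmeta parameter) share one root cause: a request parameter is pasted into a command string that a shell then re-parses. The following is an added Python illustration of that pattern and its two fixes; it is not code from any of the affected products. The helper binary is replaced by echo, the "generating key for" text and the key-name allow-list regex are constructed for the demo, and the attacker input is a made-up payload.

```python
import re
import shlex
import subprocess

# Stand-in for the privileged helper a web handler would invoke (openvpn,
# a CGI binary, ...). "echo" keeps the demonstration harmless.
HELPER = "echo"


def run_interpolated(name: str) -> str:
    """Vulnerable: the request parameter is pasted into a shell string.

    /bin/sh re-parses the whole string, so ';', '|', '$(...)' and backticks
    inside `name` become additional commands, exactly the unquoted-interpolation
    bug the advisories describe.
    """
    cmd = f"{HELPER} generating key for {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(name: str) -> str:
    """Mitigated: shlex.quote() turns the parameter into a single shell word.

    Only for cases where a shell is genuinely unavoidable; the metacharacters
    still reach the shell, they are merely neutralised by single quotes.
    """
    cmd = f"{HELPER} generating key for {shlex.quote(name)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Constructed allow-list for the demo: what a key name may look like.
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def run_argv(name: str) -> str:
    """Fixed: validate against an allow-list, then exec with no shell at all.

    An argv list is handed to execve() directly, so there is no parsing step
    for an attacker to break out of. Validation is still worthwhile so that
    the helper never sees a value that only looks like an option.
    """
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"rejected key name: {name!r}")
    out = subprocess.run([HELPER, "generating key for", name],
                         capture_output=True, text=True)
    return out.stdout


def argv_rejects(name: str) -> bool:
    """True if the hardened path refuses the value instead of running it."""
    try:
        run_argv(name)
    except ValueError:
        return True
    return False


def injected(output: str) -> bool:
    """True if the attacker's second command actually ran (its own output line)."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    payload = "client1; echo INJECTED"      # constructed attacker input
    print(run_interpolated(payload), end="")  # two commands ran
    print(run_quoted(payload), end="")        # one command, literal text
    print("argv path rejects payload:", argv_rejects(payload))
```

Run it and compare the first two outputs: the interpolated form prints a second line produced by the injected command, the quoted form prints the payload verbatim as part of the single argument, and the argv form never reaches the helper with the bad value.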
Source: NVD | added 5 days ago

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter"/api/v1/") treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

CVSS 10 | EPSS 0.00471 | Exploits 2 | References 1
Source: ATTACKERKB | added 5 days ago

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter"/api/v1/") treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

CVSS 10 | AI score 5.8 | EPSS 0.00471 | Exploits 2 | References 2 | Affected Software 1
Source: Positive Technologies | added 5 days ago

PT-2026-52984

Vulnerable software and affected versions: Kestra versions prior to 1.0.45; Kestra versions prior to 1.3.21.

Description: The authentication filter for the REST API endpoint /api/v1/ incorrectly treats any request path ending in /configs as a public instance-config endpoint, allowing it t...

CVSS 10 | AI score 5.8 | EPSS 0.00471 | Exploits 2 | References 8
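The three Kestra entries above (NVD, ATTACKERKB and Positive Technologies) describe the same logic flaw: the filter decides "public" from a path suffix instead of the exact route. Below is an added Python model of such a filter that shows why the suffix test lets an unauthenticated client reach any protected route whose path happens to end in /configs, and the exact-match check that closes it. It is an illustration written for this page, not Kestra's Micronaut filter; the route table and the /api/v1/flows/configs protected path are constructed for the demo.

```python
import posixpath

# Constructed route table for the demo. Only the instance-config endpoint is
# meant to be reachable without credentials.
PUBLIC = {"/api/v1/configs"}
PROTECTED = {"/api/v1/flows", "/api/v1/flows/configs", "/api/v1/secrets"}


def is_public_suffix(path: str) -> bool:
    """Broken check, as the advisories describe: only the suffix is examined.

    Any route ending in /configs is mistaken for the public endpoint.
    """
    return path.endswith("/configs")


def is_public_exact(path: str) -> bool:
    """Fixed check: canonicalise the path, then require an exact allow-list hit."""
    return posixpath.normpath(path) in PUBLIC


def dispatch(path: str, has_credentials: bool, is_public) -> int:
    """Status the filter would yield: 200 if forwarded, 401 if it stops here.

    `is_public` is the predicate under test so both variants can be compared.
    """
    if is_public(path):
        return 200            # forwarded without any credential check
    return 200 if has_credentials else 401


def reachable_without_auth(is_public) -> list:
    """Protected routes an unauthenticated client can reach under `is_public`."""
    return sorted(p for p in PROTECTED if dispatch(p, False, is_public) == 200)


if __name__ == "__main__":
    print("suffix check leaks:", reachable_without_auth(is_public_suffix))
    print("exact check leaks: ", reachable_without_auth(is_public_exact))
    # the legitimate public route still works with the fix, trailing slash included
    print(dispatch("/api/v1/configs/", False, is_public_exact))
```

The normalisation step matters: without it an allow-list comparison is brittle against trailing slashes or dot segments, and the temptation to fall back to a suffix test returns. Normalise the same way the router does, then compare whole paths.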
Source: EUVD | added 2026/06/18 12:00 a.m.

EUVD-2026-37919

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042, including earlier versions, were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input ...

CVSS 9.8 | AI score 5.9 | EPSS 0.01316 | Exploits 0 | References 1
Source: OSV | added 2026/06/15 3:56 p.m.

MGASA-2026-0208 Updated libinput packages fix security vulnerability

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution ...

CVSS 9.8 | AI score 5.5 | EPSS 0.00498 | Exploits 0 | References 4
Source: EUVD | added 2026/06/10 1:59 p.m.

EUVD-2026-36036

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction in app/routes/smon/agentroutes.py:166-179 carries only the decorators @bp.post('/agent/action/') and @jwt_required: there is no role check and no group-ownership check on the server_ip form ...

CVSS 8.5 | AI score 5.5 | EPSS 0.00199 | Exploits 0 | References 1
Source: OSV | added 2026/06/10 5:16 a.m.

UBUNTU-CVE-2026-11837

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile function uses os.chown instead of os.lchown and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ...

CVSS 7.3 | AI score 5.4 | EPSS 0.00127 | Exploits 0 | References 4
Source: RedhatCVE | added 2026/06/10 5:03 a.m.

CVE-2026-11837

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile function uses os.chown instead of os.lchown and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ...

CVSS 7.3 | AI score 5.6 | EPSS 0.00127 | Exploits 0 | References 3
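The two CVE-2026-11837 entries above describe a classic symlink race in a privileged file writer: open() without O_NOFOLLOW and chown() both follow a link the unprivileged user planted in advance, so the privileged process writes and re-owns a file the user chose. The following is an added Python demonstration of that pattern next to the hardened version; it is not the ansible.posix module's code. The target file, link name and key material are constructed in a temporary directory, and the demo runs as the current user, so ownership is left unchanged (uid and gid of -1) and only the follow/no-follow behaviour is exercised.

```python
import os
import tempfile

KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... attacker@host\n"  # constructed


def write_keys_vulnerable(path: str, data: str, uid: int = -1, gid: int = -1) -> None:
    """The pattern the advisory describes.

    open() without O_NOFOLLOW follows a symlink at `path`, and os.chown()
    follows it too, so a pre-staged link redirects both the write and the
    ownership change to whatever file the attacker pointed it at.
    """
    with open(path, "w") as f:
        f.write(data)
    os.chown(path, uid, gid)


def write_keys_fixed(path: str, data: str, uid: int = -1, gid: int = -1) -> None:
    """Hardened writer.

    O_NOFOLLOW makes open() fail with ELOOP if the final path component is a
    symlink, so the privileged process never writes through a link. Ownership
    is then applied to the opened descriptor with fchown(); os.lchown(), which
    the advisory names, is the equivalent when only a path is available, since
    it changes the link itself rather than its target.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data.encode())
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)


def _read(path: str) -> str:
    with open(path) as f:
        return f.read()


def demo() -> dict:
    """Stage the attack in a temp dir and report what each writer did.

    `target` stands in for a root-owned file the unprivileged user must not
    be able to modify; `link` is the authorized_keys path the attacker
    pre-stages as a symlink to it.
    """
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "root_owned_file")
        link = os.path.join(d, "authorized_keys")
        with open(target, "w") as f:
            f.write("original\n")
        os.symlink(target, link)

        write_keys_vulnerable(link, KEY)
        after_vuln = _read(target)

        with open(target, "w") as f:          # reset for the second run
            f.write("original\n")
        refused = False
        try:
            write_keys_fixed(link, KEY)
        except OSError:                       # ELOOP: refused to follow the link
            refused = True
        after_fixed = _read(target)

    return {
        "vulnerable_overwrote_target": after_vuln != "original\n",
        "fixed_refused": refused,
        "target_intact_after_fix": after_fixed == "original\n",
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Refusing the symlink is only half of the fix in a real privileged writer: the directory components above the file can also be swapped between check and use, so production code additionally opens the parent directory and uses openat()-style relative operations, or verifies with fstat() after opening that the descriptor refers to the expected inode and owner.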
Source: NVD | added 2026/06/09 4:16 p.m.

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution ...

CVSS 10 | EPSS 0.98937 | Exploits 5 | References 3
Source: Cvelist | added 2026/06/09 2:10 p.m.

CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution ...

CVSS 10 | EPSS 0.98937 | Exploits 5 | References 1
Source: Zero Day Initiative | added 2026/06/09 12:00 a.m.

X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling ...

CVSS 6.1 | AI score 4.9 | EPSS 0.00489 | Exploits 0 | References 1
Source: OSV | added 2026/06/05 11:16 a.m.

UBUNTU-CVE-2026-50265

Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 ...

CVSS 7 | AI score 5.2 | EPSS 0.00019 | Exploits 0 | References 6
Source: Cvelist | added 2026/06/05 9:49 a.m.

CVE-2026-50265

...

EPSS 0.00019 | Exploits 0
Source: RedhatCVE | added 2026/06/03 4:02 p.m.

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the ...

CVSS 6.3 | AI score 6.5 | EPSS 0.00296 | Exploits 0 | References 1
Source: Cvelist | added 2026/05/28 7:30 p.m.

CVE-2026-33590 Insecure default permissions in Portainer CE

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root-equivalent access on the ...

CVSS 9.4 | EPSS 0.00452 | Exploits 0 | References 3
Source: ATTACKERKB | added 2026/05/26 2:08 p.m.

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user ...

CVSS 8.8 | AI score 6.1 | EPSS 0.02671 | Exploits 0 | References 3