Lucene search
K

313 matches found

Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS0.01101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-0286

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score0.01101EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42675

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score0.01101EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-59721

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42653

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS6.2AI score0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56897

Name of the Vulnerable Software and Affected Versions Hoppscotch versions prior to 2026.6.0 Description The updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER SMTP URL value. Additionally, the validateSMTPUrl function in utils.ts permits path,...

7.2CVSS6.3AI score0.00518EPSS
Exploits0References9
NVD
NVD
added 5 days ago8 views

CVE-2026-24699

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS0.00957EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software enables an authenticated...

8.5CVSS6.3AI score0.01101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56020

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection exists in the GetLogs Livewire component. Users with team membership, including those with the lowest privilege role, can execute arbitrary commands as roo...

8.8CVSS6.1AI score0.01385EPSS
Exploits0References10
NVD
NVD
added 2026/06/10 10:16 p.m.15 views

CVE-2026-0273

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS0.01187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

8.6CVSS5.7AI score0.01336EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 6:53 p.m.28 views

CVE-2026-49134

CodexBar prior to 0.32.0 is affected by a local privilege-escalation in the CLI installer due to a race condition in temporary file handling. The installer uses mktemp to create a privileged temporary file, writes a shell payload into it, and then executes it with administrator privileges via bas...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/26 3:16 p.m.18 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.06582EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 12:0 a.m.19 views

CVE-2026-36828

CVE-2026-36828 describes a command-injection in Panabit PAP-XM320 up to v7.7. The vulnerable CGI is /cgi-bin/tools/ajax_cmd; when authenticated users supply action=runcmd, they can execute arbitrary shell commands with root privileges. Impact aligns with high-severity, full control over the host ...

8.8CVSS6AI score0.01667EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 9:53 p.m.38 views

CVE-2026-44194

The CVE-2026-44194 entry describes an authenticated RCE in OPNsense prior to version 26.1.8. The vulnerability arises in the local user synchronization flow (core/src/opnsense/scripts/auth/sync_user.php), where input validation can be bypassed by crafting a payload that looks like a valid email a...

9.1CVSS6.1AI score0.06355EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/13 5:59 p.m.29 views

CVE-2026-0261

CVE-2026-0261 describes multiple command injection vulnerabilities in PAN-OS that allow an authenticated administrator to bypass system restrictions and execute arbitrary commands as root. Exploitation requires access to the PAN-OS CLI or Web UI. Affected products include PAN-OS running on PA-Ser...

8.6CVSS5.9AI score0.01336EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

6.1AI score0.01143EPSS
Exploits2References2
CVE
CVE
added 2026/05/05 12:0 a.m.17 views

CVE-2026-31196

The vulnerability CVE-2026-31196 affects ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway. The traceroute diagnostic handler (/bin/httpd_clientside) unsafely inserts user-supplied destAddr input into a system() call, enabling authenticated remote attackers to execute arbitrar...

8.8CVSS5.9AI score0.01275EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/04 2:52 p.m.56 views

EUVD-2025-209614

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS6AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 10:16 p.m.5 views

CVE-2026-41446

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...

9.8CVSS0.00433EPSS
Exploits0References1
Rows per page
Query Builder