Lucene search
+L

22 matches found

cve
cve
added 2 days ago9 views

CVE-2026-46709

Tabby (Terminus) prior to 1.0.234 is vulnerable to a local RCE via drag-and-drop path injection. The vulnerability occurs because Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters (e.g., $(…) and …)....

7.8CVSS6.4AI score0.00151EPSS
Exploits0References3
osv
osv
added 2026/06/25 5:49 p.m.7 views

CVE-2026-54088 File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplie...

9.3CVSS6.3AI score0.00533EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/05 12:0 a.m.7 views

CVE-2026-31195

OS command injection vulnerability in the ping diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers to...

5.9AI score0.01275EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/05 12:0 a.m.9 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

5.9AI score0.01275EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/05 12:0 a.m.42 views

CVE-2026-31195

OS command injection vulnerability in the ping diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers to...

0.01275EPSS
Exploits0References3
cve
cve
added 2026/04/06 6:59 p.m.14 views

CVE-2026-35021

The CVE-2026-35021 entry is rejected by the CNA and does not represent an active vulnerability.

6.2AI score0.00041EPSS
Exploits0
redhatcve
redhatcve
added 2026/04/01 5:1 a.m.4 views

CVE-2026-30314

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

9.8CVSS6.3AI score0.01201EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/01 5:0 a.m.5 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

9.8CVSS6.3AI score0.01659EPSS
Exploits0References1
nvd
nvd
added 2026/03/31 3:16 p.m.9 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

9.8CVSS0.01659EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/31 4:59 a.m.4 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

9.8CVSS6.3AI score0.01145EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/31 12:0 a.m.5 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.01659EPSS
Exploits0References3
cve
cve
added 2026/03/31 12:0 a.m.8 views

CVE-2026-30314

Ridvay Code’s command auto-approval module contains a critical OS command injection vulnerability. The whitelist relies on fragile regular expressions that fail to account for Shell command substitution ($(…) and backticks), enabling an attacker to craft commands like git log --grep="$(malicious_...

9.8CVSS6.3AI score0.01201EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/03/31 12:0 a.m.15 views

CVE-2026-30311

Summary: Ridvay Code’s command auto-approval module contains a critical OS command injection vulnerability. The whitelist relies on fragile regular expressions that do not account for standard Shell command substitutions (e.g., $(...) and backticks), allowing an attacker to craft commands such as...

9.8CVSS6.3AI score0.01659EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/03/30 8:16 p.m.5 views

CVE-2026-30307

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

9.8CVSS0.01145EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/30 12:0 a.m.4 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

6.3AI score0.01145EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/30 12:0 a.m.8 views

PT-2026-29100

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

6.3AI score0.01145EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30307

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

6.3AI score0.01145EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/30 12:0 a.m.29 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

0.01145EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/23 9:36 p.m.23 views

CVE-2026-32047

...

Exploits0
cve
cve
added 2026/03/23 2:10 p.m.24 views

CVE-2026-33482

CVE-2026-33482 affects WWBN AVideo prior to 26.1 (up to 26.0) where sanitizeFFmpegCommand() fails to remove $() (bash command substitution). Since the sanitized ffmpeg command is executed in a double-quoted sh -c context, an attacker able to supply a crafted encrypted payload can achieve arbitrar...

8.1CVSS6.1AI score0.02061EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder