Lucene search

280 matches found

EUVD
added 2026/03/09 10:48 p.m. | 2 views

EUVD-2026-10424

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

6.3 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 0 | References 3

OSV
added 2026/03/09 10:48 p.m. | 4 views

CVE-2026-30916 Shescape has possible misidentification of shell due to link chains

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

6.3 CVSS | 5.7 AI score | 0.00052 EPSS
Exploits 0 | References 5

CVE
added 2026/03/04 7:34 a.m. | 6 views

CVE-2026-28776

IDC SFX Series SuperFlex SatelliteReceiver is affected by hardcoded credentials for the monitor account, allowing remote, unauthenticated SSH access. Initial access starts in a restricted shell, with the attacker able to break out to a full shell. The CVSS metrics indicate NETWORK access, LOW int...

9.8 CVSS | 6 AI score | 0.00476 EPSS
Exploits 1 | References 1 | Affected Software 1

F5 Networks
added 2026/01/16 5:3 p.m. | 9 views

K000159600: Rack vulnerability CVE-2022-30123

Security Advisory Description: A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack (CVE-2022-30123). Impact: There is no impact; F5 products are not affected by this vulnerability...

10 CVSS | 7.3 AI score | 0.01801 EPSS
Exploits 0

RedhatCVE
added 2026/01/09 9:24 a.m. | 4 views

CVE-2023-40146

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...

9.8 CVSS | 7.4 AI score | 0.01435 EPSS
Exploits 1 | References 1

OSV
added 2026/01/09 9:16 a.m. | 3 views

CLSA-2026-1767950193 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...

8.3 CVSS | 5.8 AI score | 0.015 EPSS
Exploits 0 | References 1

RedHat Linux
added 2026/01/06 9:28 p.m. | 2 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.015 EPSS
Exploits 0 | References 5

RedHat Linux
added 2026/01/06 5:34 p.m. | 3 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.015 EPSS
Exploits 0 | References 5

RedHat Linux
added 2026/01/06 5:4 a.m. | 3 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.015 EPSS
Exploits 0 | References 5

RedHat Linux
added 2026/01/05 1:39 a.m. | 1 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.015 EPSS
Exploits 0 | References 5

NVD
added 2025/12/30 11:15 p.m. | 7 views

CVE-2024-58338

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

10 CVSS | 0.00718 EPSS
Exploits 2 | References 4

OSV
added 2025/12/24 8:15 p.m. | 3 views

CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...

8.7 CVSS | 5.8 AI score
Exploits 0 | References 3

RedHat Linux
added 2025/12/22 11:27 p.m. | 2 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.015 EPSS
Exploits 0 | References 5

OSV
added 2025/12/09 11:38 a.m. | 4 views

BIT-APACHE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

8.3 CVSS | 6.8 AI score | 0.015 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/11/07 12:0 a.m. | 1 views

PT-2025-45530

URGENT: Critical Erlang/OTP vulnerabilities patched in OpenSuSE update 2025-15706-1. Includes a high-severity shell escape flaw CVE-2024-24357 leading to RCE. Read more: 👉 https://t.co/2N8otqQfDH Security OpenSUSE https://t.co/eRLTzqyYll...

7 AI score
Exploits 0 | References 1

NVD
added 2025/10/29 11:16 p.m. | 8 views

CVE-2025-54545

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...

7.8 CVSS | 0.00102 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-5556

Malware in sbrugna...

5.5 CVSS | 5.6 AI score | 0.00837 EPSS
Exploits 3 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-26538

Malware in sbrugna...

9 CVSS | 6.9 AI score | 0.03307 EPSS
Exploits 2 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-17731

Malware in sbrugna...

9 CVSS | 8.6 AI score | 0.0204 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-3443

Malware in sbrugna...

9.9 CVSS | 8.9 AI score | 0.01836 EPSS
Exploits 0 | References 5