Lucene search
K

3990 matches found

RedHat Linux
RedHat Linux
added 2026/06/02 10:15 p.m.10 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/02 4:3 a.m.12 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/01 6:51 p.m.10 views

openssh: potential command injection via shell metacharacters

A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters...

6.5CVSS6AI score0.19753EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2026/06/01 6:51 p.m.12 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00247EPSS
Exploits0References7
CVE
CVE
added 2026/06/01 7:51 a.m.88 views

CVE-2026-42252

CVE-2026-42252 affects Apache Airflow. The issue stems from a documentation example in core-concepts/dag-run.html that used a BashOperator invocation without proper quoting, creating a pattern vulnerable to shell-metacharacter injection via dag_run.conf. In deployments where Dag.can_trigger is av...

9.1CVSS5.8AI score0.00369EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

9.1CVSS5.3AI score0.00369EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 6:17 p.m.16 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:10 p.m.15 views

EUVD-2026-33372

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

6.3CVSS6AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 4:16 p.m.14 views

CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS0.00866EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.10 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux,...

8.1CVSS6AI score0.00419EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:3 p.m.10 views

CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.00866EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44904

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.2 Description An authenticated user can execute arbitrary OS commands on the host system through the Docker file upload functionality. The issue occurs because the destinationPath parameter is not properly...

9.9CVSS6.2AI score0.00866EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 3:43 p.m.8 views

RLSA-2026:19219 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

7.5CVSS6.1AI score0.00419EPSS
Exploits0References6
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.20 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

8.1CVSS6.2AI score0.00419EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/28 8:19 a.m.13 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:59 a.m.16 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 5:59 a.m.11 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Samba 操作系统命令注入漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which stems from the incorrect escaping of shell metacharacters when the “check password” script uses the %u character...

9CVSS5.8AI score0.02501EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/27 11:11 p.m.9 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/27 11:6 p.m.12 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
Rows per page
Query Builder