Lucene search
K

2571 matches found

AlpineLinux
AlpineLinux
added 2026/04/22 9:44 p.m.3 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.1AI score0.01051EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/22 6:31 p.m.5 views

EUVD-2018-21786

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8CVSS6.8AI score0.0089EPSS
Exploits1References5
NVD
NVD
added 2026/04/22 4:16 p.m.6 views

CVE-2018-25272

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS0.00422EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 2:57 p.m.12 views

CVE-2018-25270

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8CVSS6.8AI score0.0089EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

Raiffeisen ELBA5 加密问题漏洞

Raiffeisen ELBA5 is an electronic banking client system developed by the Austrian company Raiffeisen. Version 5.8.0 of Raiffeisen ELBA5 contains a security vulnerability related to remote code execution. This vulnerability may allow attackers to obtain database credentials and execute arbitrary...

9.8CVSS6.4AI score0.00422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-33987

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

6.8AI score0.00572EPSS
Exploits0References3
CNVD
CNVD
added 2026/04/20 12:0 a.m.7 views

PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

10CVSS5.9AI score0.00707EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of Dell PowerProtect Data Domain, which stem from improp...

7.2CVSS6.1AI score0.00882EPSS
Exploits0References1
Redos
Redos
added 2026/04/20 12:0 a.m.6 views

ROS-20260420-73-0032

Vulnerability in lxd is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

9.4CVSS6.1AI score0.00502EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/17 9:24 p.m.7 views

Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...

9.4CVSS6.1AI score0.00922EPSS
Exploits3References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 4:33 a.m.3 views

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS7.2AI score0.01203EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 4:33 a.m.3 views

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS7.3AI score0.01203EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞

Dell PowerProtect Data Domain is a data protection and backup storage product for enterprise-class data backup, deduplication and disaster recovery. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly hand...

6.7CVSS6.1AI score0.00571EPSS
Exploits0References1
Redos
Redos
added 2026/04/17 12:0 a.m.6 views

ROS-20260417-73-0039

Vulnerability in zabbix7.4 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

7.7CVSS6.1AI score0.00248EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.6 views

ROS-20260417-73-0038

Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

7.7CVSS6.1AI score0.00248EPSS
Exploits0
Snyk
Snyk
added 2026/04/15 8:22 p.m.12 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...

9.2CVSS5.9AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.7 views

EUVD-2026-22945

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

6.6AI score0.00974EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 4:16 p.m.9 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6CVSS0.00405EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:3 p.m.3 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.2AI score0.10944EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.4 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

6.6AI score0.00405EPSS
Exploits0References2
Rows per page
Query Builder