Lucene search
K

2570 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 2:12 p.m.8 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue...

9.1CVSS6.2AI score0.00819EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/18 8:35 a.m.45 views

CVE-2026-28732 Slash command trigger-word update allowed command hijacking

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

4.3CVSS0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/05/16 4:16 p.m.11 views

UBUNTU-CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

9.8CVSS6.7AI score0.00696EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/16 3:26 p.m.16 views

EUVD-2021-34842

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

9.8CVSS6.7AI score0.00696EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:26 p.m.7 views

CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

9.8CVSS6.7AI score0.00696EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:59 a.m.6 views

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

8.7CVSS6.1AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41270

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

8.7CVSS6.1AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 12:0 a.m.11 views

EUVD-2026-30547

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...

7.3CVSS6AI score0.01414EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/15 12:0 a.m.8 views

CVE-2026-39054

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...

7.3CVSS6AI score0.01414EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 12:0 a.m.11 views

CVE-2026-39054

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...

6AI score0.01414EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 11:16 a.m.18 views

CVE-2025-68421

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...

8.7CVSS0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.10 views

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:22 p.m.8 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00405EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

vm2 访问控制错误漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.1 had an access control vulnerability. This vulnerability arises when nesting is set to true when...

9.1CVSS6.3AI score0.009EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40636

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description An issue in scripted monitors allows an authenticated attacker with the Resource Administrator or Administrator role to...

8.7CVSS5.8AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40657

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description An issue exists in an undisclosed TMOS Shell tmsh command that allows an authenticated attacker with administrator or...

8.3CVSS5.8AI score0.00107EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 10:24 p.m.38 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

0.00461EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 10:24 p.m.18 views

CVE-2026-43680

CVE-2026-43680 describes a remote code execution in Claris FileMaker Cloud where an Admin Console user could bypass a front-end restriction on OS Script schedule types and run arbitrary OS commands on the host. Documented impact suggests total compromise with HIGH confidentiality, integrity, and ...

7.2CVSS6.1AI score0.00461EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/12 9:31 p.m.10 views

EUVD-2026-29811

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.14 views

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
Rows per page
Query Builder