Lucene search
K

2848 matches found

OSV
OSV
added 2026/03/04 10:9 p.m.6 views

GHSA-RHR9-HGCM-X289 Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint

The /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals...

8.7CVSS5.9AI score0.00331EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/04 10:9 p.m.7 views

Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint

The /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals...

8.7CVSS5.9AI score0.00331EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.3 views

CVE-2025-52365

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...

6.2AI score0.0053EPSS
Exploits0References3
CVE
CVE
added 2026/03/03 12:0 a.m.14 views

CVE-2025-52365

The CVE-2025-52365 entry concerns a command injection in the szc script of the ccurtsinger/stabilizer repo. The issue stems from improper input handling where command-line arguments are directly concatenated into shell commands via os.system(), enabling remote command execution. Public references...

7.8CVSS6.2AI score0.0053EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.8 views

CVE-2026-28207

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

7.3CVSS6.1AI score0.00935EPSS
Exploits1References1
NVD
NVD
added 2026/02/26 11:16 p.m.12 views

CVE-2026-28207

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

7.3CVSS0.00935EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 10:17 p.m.5 views

EUVD-2026-8908

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

6.6CVSS6.1AI score0.00935EPSS
Exploits1References1
CVE
CVE
added 2026/02/26 10:17 p.m.25 views

CVE-2026-28207

CVE-2026-28207 (Zen C) : Prior to 0.4.2, Zen C’s compiler could be tricked into executing arbitrary shell commands via a crafted output filename passed to -o. The flaw resided in the main.c logic where a command string was built by concatenating arguments and executed with system(), allowing shel...

7.3CVSS6.1AI score0.00935EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2026/02/25 4:13 p.m.257 views

Exploit for Integer Overflow or Wraparound in Linux Linux_Kernel

CVE-2022-0185-Analysis-and-Exploit Research and proof-of-conce...

8.4CVSS8.7AI score0.25151EPSS
Exploits11
NVD
NVD
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS0.05517EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/14 3:9 p.m.9 views

EUVD-2026-5915

In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev-work dev-work can re read locklessly in mISDNread and mISDNpoll. Add READONCE/WRITEONCE annotations. BUG: KCSAN: data-race in mISDNioctl / mISDNread write to 0xffff88812d848280 of 4 bytes by...

5.2AI score0.00119EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of purification of the system call table index during speculative execution. This...

7CVSS7AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/02/10 7:47 p.m.14 views

CVE-2021-26381

CVE-2021-26381 concerns improper system call parameter validation in the Trusted OS (TOS) that could let a malicious driver map/unmap a large number of pages, potentially causing kernel memory corruption. The connected sources describe this as a local, high-privilege issue with impact to memory c...

7.1CVSS5.5AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: acct: performs the last write operation from the workqueue. In 1, it was reported that the acct2 system call can be used to trigger a NULL derefrence in cases where it is set to write to a file that triggers an internal lookup...

5.5CVSS6.4AI score0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.9 views

CVE-2026-0785

ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

8.8CVSS6.5AI score0.01256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.6 views

CVE-2026-0784

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

8.8CVSS6.5AI score0.0148EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 4:16 a.m.3 views

CVE-2026-0786

ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

8.8CVSS6.3AI score0.01186EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 3:28 a.m.3 views

CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8CVSS7.7AI score0.01685EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/23 3:28 a.m.3 views

CVE-2026-0758 mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability

mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the...

7.8CVSS6.2AI score0.00658EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 3:27 a.m.51 views

CVE-2026-0757 MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...

8.8CVSS0.01253EPSS
Exploits0References1
Rows per page
Query Builder