Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.5 views

PT-2026-43702

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smart enumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js chi...

8.8CVSS6AI score0.00074EPSS
Exploits0References3
OSV
OSVadded 2025/09/25 1:34 p.m.1 views

CVE-2025-59831 `git-comiters` Command Injection vulnerability

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows...

8.7CVSS7.7AI score0.00147EPSS
Exploits1References4
EUVD
EUVDadded 2025/09/10 7:48 p.m.3 views

EUVD-2025-27608

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation...

9.8CVSS6.8AI score0.50933EPSS
Exploits6References8
OSV
OSVadded 2025/09/10 7:48 p.m.3 views

GHSA-R4H8-HFP2-GGMF Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. Details The vulnerability exists in the middleware management API endpoin...

9.8CVSS9.5AI score0.50933EPSS
Exploits6References9
Cvelist
Cvelistadded 2025/09/10 6:41 p.m.8 views

CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. The vulnerability exists i...

9.8CVSS0.50933EPSS
Exploits6References6
OSV
OSVadded 2025/05/15 4:10 p.m.5 views

GHSA-G5MQ-PRX7-C588 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

Summary Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as executing user of the motionEye instance, motion by default. function call stack...

9.3CVSS7.2AI score0.00331EPSS
Exploits0References6
securityvulns
securityvulnsadded 2003/03/12 12:0 a.m.43 views

Vulnerability in man < 1.5l

man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file. The basic problem is, upon finding a string with a quoting problem, the function myxsprintf in util.c will return "unsafe" rather than returning a string which could be...

1.1AI score
Exploits0
Rows per page
Query Builder