Lucene search
+L

14 matches found

cve
cve
added last week15 views

CVE-2026-59856

Vim (opensource editor) vulnerability CVE-2026-59856 affects versions prior to 9.2.0736. The PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class/trait name from the edited buffer into a search() pattern executed by win_execute() without escaping. If the name contai...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.12 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.81.1 contained security...

8.7CVSS5.8AI score0.00161EPSS
Exploits0References2
cisa_kev
cisa_kev
added 2026/02/05 12:0 a.m.11 views

React Native Community CLI OS Command Injection Vulnerability

React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...

9.8CVSS5.8AI score0.62378EPSS
In wildExploits5
cvelist
cvelist
added 2025/12/31 6:39 p.m.25 views

CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

9.3CVSS0.0043EPSS
Exploits1References4
githubexploit
githubexploit
added 2025/12/05 1:50 p.m.165 views

Exploit for CVE-2025-55182

Research: All versions of CVE-2025-55182 exploit vulnerabiliti...

10CVSS7.1AI score0.99562EPSS
Exploits375
euvd
euvd
added 2025/11/03 6:31 p.m.8 views

EUVD-2025-37505

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8CVSS7.4AI score0.62378EPSS
Exploits5References3
cvelist
cvelist
added 2025/11/03 4:35 p.m.22 views

CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8CVSS0.62378EPSS
Exploits5References2
osv
osv
added 2025/11/03 4:35 p.m.7 views

CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

9.8CVSS7.6AI score0.62378EPSS
Exploits5References9
veracode
veracode
added 2025/04/29 4:20 a.m.9 views

Command Injection

youtubedlsharp is vulnerable to Command Injection. The vulnerability is due to unsafe argument conversion where the UseWindowsEncodingWorkaround being enabled by default, allowing malicious commands to be injected when starting yt-dlp on Windows...

9.2CVSS6.9AI score0.00236EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2021/12/14 7:26 p.m.28 views

CVE-2021-34426 Arbitrary command execution in Keybase Client for Windows

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...

5.3CVSS8.1AI score0.00239EPSS
Exploits0References1
ncsc
ncsc
added 2021/06/29 12:0 a.m.23 views

Vulnerabilities fixed in Nessus

Vulnerabilities have been fixed in Nessus. The vulnerabilities allow a locally authenticated malicious person with administrator privileges to obtain elevated privileges. The malicious party can use these privileges to execute specific Windows commands execute as the Nessus Agent host. Tenable ha...

6.7CVSS6.8AI score0.00348EPSS
Exploits0
githubexploit
githubexploit
added 2020/08/03 2:12 p.m.167 views

Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control

CVE-2019-3980 This repo was created to utilize the Nessus POC...

10CVSS9.5AI score0.0518EPSS
Exploits4
packetstorm
packetstorm
added 2012/11/21 12:0 a.m.41 views

LAN.FS Messenger 2.4 Command Execution

Title: ====== LAN.FS Messenger v2.4 - Command Execution Vulnerability Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 760 Common Vulnerability Scoring System: ==================================== 8.2 Introduction: =============...

7.4AI score
Exploits0
vulnerlab
vulnerlab
added 2012/11/13 12:0 a.m.17 views

LAN.FS Messenger v2.4 - Command Execution Vulnerability

Document Title: =============== LAN.FS Messenger v2.4 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=760 Release Date: ============= 2012-11-13 Vulnerability Laboratory ID VL-ID: ==================================== 760...

0.4AI score
Exploits0
Rows per page
Query Builder