Lucene search
K

206127 matches found

Cvelist
Cvelist
added 2026/01/18 3:37 p.m.30 views

CVE-2026-0863 Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...

8.5CVSS0.08497EPSS
Exploits1References2
Debian
Debian
added 2026/01/17 4:51 p.m.7 views

[SECURITY] [DSA 6103-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6103-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2026 https://www.debian.org/security/faq -...

9.8CVSS7.5AI score0.0057EPSS
Exploits0
OSV
OSV
added 2026/01/17 9:2 a.m.12 views

RLSA-2026:0728 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 For more details about...

7.8CVSS7.7AI score0.00129EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/17 12:23 a.m.6 views

CVE-2025-65118

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...

9.3CVSS7.5AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 12:23 a.m.12 views

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

9.8CVSS7.8AI score0.00899EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 12:23 a.m.6 views

CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....

9.8CVSS7.8AI score0.0083EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/17 12:0 a.m.3 views

Debian dsa-6103 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6103 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6103-1 [email protected]...

9.8CVSS9AI score0.0057EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2026/01/17 12:0 a.m.7 views

RockyLinux 10 : gnupg2 (RLSA-2026:0697)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0697 advisory. GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 Tenable has extracted the preceding descriptio...

7.8CVSS6.4AI score0.00129EPSS
Exploits1References3
OSV
OSV
added 2026/01/16 9:3 p.m.3 views

GHSA-CC8M-98FM-RC9G Skipper is vulnerable to arbitrary code execution through lua filters

Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...

8.8CVSS7.2AI score0.00473EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/16 8:52 p.m.5 views

Arbitrary Code Injection

Overview github.com/zalando/skipper is a HTTP router and reverse proxy for service composition Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...

8.8CVSS6.2AI score0.00473EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/16 8:52 p.m.6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by submitting malicious scripts when untrusted users are permitted to create lua filters...

8.8CVSS6.2AI score0.00473EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/16 8:7 p.m.20 views

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

8.8CVSS0.00473EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/16 8:7 p.m.5 views

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

8.8CVSS6.3AI score0.00473EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/16 8:7 p.m.4 views

EUVD-2026-2860

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

8.8CVSS6.2AI score0.00473EPSS
Exploits1References5
CVE
CVE
added 2026/01/16 7:29 p.m.22 views

CVE-2026-23722

WeGIA (Web Manager for Charitable Institutions) before version 3.6.2 contains a Reflected Cross-Site Scripting (XSS) flaw in html/memorando/insere_despacho.php where the id_memorando GET parameter is echoed into HTML without proper sanitization/encoding. This allows unauthenticated attackers to i...

9.1CVSS5.4AI score0.00212EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47847

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

8.5CVSS0.00153EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:9 p.m.4 views

CVE-2021-47847

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

8.5CVSS5.7AI score0.00153EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.23 views

CVE-2021-47847 Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

8.5CVSS0.00153EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 7:9 p.m.13 views

CVE-2021-47841

CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...

6.1CVSS6.9AI score0.00378EPSS
Exploits0References4
CVE
CVE
added 2026/01/16 7:9 p.m.8 views

CVE-2021-47828

CVE-2021-47828 relates to BOOTP Turbo 2.0.0.1253, where the Windows service bootpt.exe uses an unquoted service path. The underlying issue is an unquoted path in the service configuration, enabling elevated LocalSystem code execution during startup or reboot. Mitigation is to quote the service pa...

8.5CVSS7.5AI score0.00137EPSS
Exploits0References3
Rows per page
Query Builder