Lucene search
+L

8818 matches found

nvd
nvd
added 2 days ago7 views

CVE-2026-30618

xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...

9.8CVSS0.0061EPSS
Exploits0References2
nvd
nvd
added 2 days ago6 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

9.8CVSS0.0021EPSS
Exploits0References3
susecve
susecve
added 2 days ago7 views

SUSE CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

5.2CVSS6.2AI score0.00669EPSS
Exploits0References4
cve
cve
added 2 days ago12 views

CVE-2026-13385

The CVE-2026-13385 entry affects certain ASUS router models. It covers an vulnerability path where an attacker can perform a remote MITM to cause the device to download and execute arbitrary commands via a spoofed server, due to improper validation of the integrity check value and improper certif...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2 days ago10 views

PT-2026-58872

Name of the Vulnerable Software and Affected Versions ASUS router models affected versions not specified Description Improper Validation of Integrity Check Value and Improper Certificate Validation allow a remote man-in-the-middle MITM user to force the router to download and execute arbitrary...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References4
cve
cve
added 2 days ago37 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.4AI score0.0021EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago35 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

0.0021EPSS
Exploits0References3
cvelist
cvelist
added 4 days ago37 views

CVE-2026-61498 Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via gen_graphs.php

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS0.02165EPSS
Exploits0References3
redhatcve
redhatcve
added 4 days ago10 views

CVE-2026-59856

A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remo...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References5
veracode
veracode
added 4 days ago4 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
euvd
euvd
added last week8 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
nvd
nvd
added last week7 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
cve
cve
added last week13 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/07/10 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-59858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References4
osv
osv
added 2026/07/09 11:17 p.m.2 views

DEBIAN-CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

7.8CVSS6.2AI score0.00137EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/09 10:39 p.m.6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References3Affected Software1
debiancve
debiancve
added 2026/07/09 10:39 p.m.7 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/07/09 10:39 p.m.5 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
debiancve
debiancve
added 2026/07/09 10:37 p.m.6 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0
cve
cve
added 2026/07/09 10:37 p.m.13 views

CVE-2026-59858

Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...

8.4CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder