Lucene search
+L

7724 matches found

susecve
susecve
added yesterday7 views

SUSE CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

5.2CVSS6.2AI score0.00669EPSS
Exploits0References4
cve
cve
added yesterday12 views

CVE-2026-13385

The CVE-2026-13385 entry affects certain ASUS router models. It covers an vulnerability path where an attacker can perform a remote MITM to cause the device to download and execute arbitrary commands via a spoofed server, due to improper validation of the integrity check value and improper certif...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
cve
cve
added yesterday36 views

CVE-2025-65720

Open Source GPT Researcher v3.3.7 is affected by a vulnerability that allows remote code execution when a user interacts with a crafted HTML page. The NVD entry for CVE-2025-65720 confirms arbitrary command execution on the victim system, but the available documents do not detail the exact root c...

6.4AI score
Exploits0References3
cvelist
cvelist
added 3 days ago35 views

CVE-2026-61498 Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via gen_graphs.php

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS0.02165EPSS
Exploits0References3
redhatcve
redhatcve
added 3 days ago10 views

CVE-2026-59856

A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remo...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References5
veracode
veracode
added 3 days ago4 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
nvd
nvd
added 6 days ago7 views

CVE-2026-56688

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achie...

9.1CVSS0.01285EPSS
Exploits0References1
cve
cve
added 6 days ago13 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
debiancve
debiancve
added last week6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
attackerkb
attackerkb
added last week6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References3Affected Software1
alpinelinux
alpinelinux
added last week4 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
nvd
nvd
added last week10 views

CVE-2026-59734

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS0.00417EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.8 views

PT-2026-57013

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0736 Description The PHP omni-completion script in runtime/autoload/phpcomplete.vim fails to escape class or trait names taken from the edited buffer before interpolating them into a search pattern executed via win...

8.4CVSS6.4AI score0.00169EPSS
Exploits1References17
attackerkb
attackerkb
added 2026/07/08 9:10 p.m.6 views

CVE-2026-55849

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/07/06 9:16 p.m.8 views

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS0.00523EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/06 8:16 p.m.6 views

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.1AI score0.00523EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/07/06 5:41 p.m.5 views

GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...

8.4CVSS6.4AI score
Exploits0References2
cve
cve
added 2026/07/04 1:23 a.m.31 views

CVE-2025-71380

CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/04 1:23 a.m.43 views

CVE-2025-71380 n8n - Arbitrary Command Execution via Execute Command Node

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS0.00413EPSS
Exploits0References2
nvd
nvd
added 2026/07/03 3:16 p.m.10 views

CVE-2026-49813

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

6.7CVSS0.0046EPSS
Exploits0References1
Rows per page
Query Builder