Lucene search
+L

18011 matches found

CVE
CVE
added 2026/06/17 5:7 p.m.33 views

CVE-2026-20266

Summary: CVE-2026-20266 affects Splunk AI Toolkit

9.1CVSS5.9AI score0.00469EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2026-11410

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 9:32 p.m.13 views

EUVD-2026-37206

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS5.4AI score0.00921EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 a.m.16 views

CVE-2025-9912

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

6.3CVSS0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 5:40 a.m.32 views

CVE-2025-10262 An unsanitized format validation vulnerability in Nokia SR Linux

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges...

0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 3:30 a.m.11 views

EUVD-2026-37023

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

5.7AI score0.00295EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 11:55 p.m.33 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

9.8CVSS0.0056EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49549

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager version 2026.2.7 Description Improper input validation in the SSH Elevate Shell feature allows an authenticated user with permissions to create or modify a shared SSH entry to execute arbitrary commands on a...

8.8CVSS5.8AI score0.00295EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.19 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

7.8CVSS5.5AI score0.00166EPSS
Exploits1References2
CVE
CVE
added 2026/06/12 5:34 p.m.218 views

CVE-2026-48163

CVE-2026-48163 affects MariaDB (wsrep SST): during donor–donor synchronization, the donor interpolates parameters from the joiner in the SST rsync command line, and not all parameters are validated. This could allow a malicious joiner to execute arbitrary shell commands on the donor side. Patched...

9.1CVSS5.8AI score0.00654EPSS
Exploits0References12Affected Software1
EUVD
EUVD
added 2026/06/12 2:27 a.m.28 views

EUVD-2026-36376

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS5.9AI score0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.12 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS5.8AI score0.00409EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48840

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS5.8AI score0.00951EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.32 views

PT-2026-48909

Name of the Vulnerable Software and Affected Versions Aqara Board service affected versions not specified Description The Aqara Board service at the endpoint "op-test.aqara.com" accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This...

9.8CVSS5.4AI score0.00412EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/06/11 9:41 p.m.12 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS5.7AI score0.0055EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 7:16 p.m.44 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS0.00219EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/11 6:32 p.m.10 views

EUVD-2026-36281

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS5.9AI score0.00219EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/11 6:32 p.m.12 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:31 p.m.39 views

CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.1CVSS0.00135EPSS
Exploits0References3
Rows per page
Query Builder