Lucene search
K

1445 matches found

Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20983

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.6.8 Description A command injection issue exists in Deno's node:child process implementation. The issue allows for arbitrary command execution through crafted input provided to the spawnSync function when the shell...

9.8CVSS5.9AI score0.02213EPSS
Exploits1References13
OSV
OSV
added 2026/02/17 6:9 p.m.6 views

GO-2026-4493 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke...

8.8CVSS5.6AI score0.004EPSS
Exploits1References2
CVE
CVE
added 2026/02/16 12:10 p.m.37 views

CVE-2026-1046

Mattermost Desktop App versions

7.6CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.6 views

PT-2026-8017

Name of the Vulnerable Software and Affected Versions MojoPortal CMS version 2.9.0.1 Description A zip slip vulnerability exists in the /DesignTools/SkinList.aspx API endpoint of the software. This allows attackers to execute arbitrary commands by uploading a specially crafted zip file. The zip...

10CVSS6.1AI score0.00628EPSS
Exploits0References8
CNVD
CNVD
added 2026/02/11 12:0 a.m.3 views

TOTOLINK WA300 OS Command Injection Vulnerability

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. The TOTOLINK WA300 suffers from an operating system command injection vulnerability that originates from the parameter Ipaddr in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special...

8.8CVSS6.7AI score0.02268EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.15 views

OpenSTAManager 操作系统命令注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the P7M file decoding function’s...

9.4CVSS6.1AI score0.01755EPSS
Exploits12References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Dokploy operating system command injection vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to operating system command injection. This vulnerability stemmed from command injection in the WebSocket endpoint/docker-container-terminal, which could allow for...

9.9CVSS6.1AI score0.02518EPSS
Exploits2References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/23 6:22 a.m.8 views

Command injection vulnerability in ASUS routers

Overview Multiple routers provided by ASUSTeK COMPUTER INC. contain command injection vulnerability in AiCloud. Command injection CWE-77 - CVE-2025-2492 NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reported this...

9.8CVSS5.9AI score0.00968EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-3888

Name of the Vulnerable Software and Affected Versions AES affected versions not specified Description AES contains a SQL injection issue because of an inactive configuration that bypasses the latest SQL parsing logic. Without this configuration enabled, specially crafted input can be mishandled,...

8.6CVSS6.1AI score0.00353EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.5 views

Ruijie AP180 Series Operating System Command Injection Vulnerability

The Ruijie AP180 Series is a series of panel-type wireless access points produced by the Chinese company Ruijie. Previous versions of the Ruijie AP180 Series, including those with model number 11.94B1P8, had a vulnerability related to operating system command injection. This vulnerability stems...

8.6CVSS7.3AI score0.0154EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/21 1:1 a.m.9 views

Orval has a code injection via unsanitized x-enum-descriptions in enum generation

Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...

9.8CVSS6.3AI score0.0075EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/19 6:6 p.m.2 views

CVE-2026-23836

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...

9.9CVSS5.9AI score0.00392EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/13 7:1 a.m.6 views

WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin FluentForm versions = 6.1.11...

5.3CVSS5.5AI score0.00233EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS 8 that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

7.2CVSS6AI score0.01203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.10 views

CVE-2022-35509

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...

5.4CVSS6.4AI score0.00478EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.20 views

CVE-2019-20610

An issue was discovered on Samsung mobile devices with N7.X and O8.X Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 April 2019...

9.3CVSS7.6AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:51 a.m.12 views

CVE-2013-6127

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the...

5.8CVSS7.7AI score0.13915EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.3 views

Selea CarPlateServer 访问控制错误漏洞

Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...

9.3CVSS7AI score0.0043EPSS
Exploits1References4
NVD
NVD
added 2025/12/18 9:15 p.m.6 views

CVE-2025-46268

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...

8.8CVSS0.0028EPSS
Exploits0References3
CVE
CVE
added 2025/12/18 7:22 a.m.8 views

CVE-2025-60068

CVE-2025-60068 is a WordPress plugin vulnerability in Javo Core (WordPress plugin) that allows arbitrary code execution due to improper control over code generation (code injection). Affected version range: Javo Core up to

6.5CVSS6.6AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder