Lucene search
K

17959 matches found

EUVD
EUVD
added yesterday13 views

EUVD-2026-33256

Mautic has SQL Injection in API Contact Filtering...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday24 views

DATAGERRY - REST API Auth Bypass

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. id: CVE-2024-46627 info: name: DATAGERRY - REST API Auth Bypass author: gy741 severity: critical description: | Incorrect access control in BECN DATAGERRY v2.2 allows attackers...

9.1CVSS6AI score0.03924EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday29 views

TurboMeeting - Post-Authentication Command Injection

The Certificate Signing Request CSR feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...

7.2CVSS6.1AI score0.03216EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday24 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.29451EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday48 views

Traccar - Unrestricted File Upload

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...

8.5CVSS7.6AI score0.54413EPSS
Exploits9References3
Nuclei
Nuclei
added yesterday65 views

Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

9.8CVSS7.2AI score0.14003EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday34 views

Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. id: CVE-2020-35713 info: name: Belkin Linksys RE6500 1.0.012.001 - Remote Command Execution author: gy741 severity:...

10CVSS7.6AI score0.32704EPSS
Exploits2References5
NVD
NVD
added 2 days ago5 views

CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40929

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6CVSS5.9AI score0.01129EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago4 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS5.9AI score0.0047EPSS
Exploits0References8
NVD
NVD
added 3 days ago9 views

CVE-2026-56137

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...

8.4CVSS0.00677EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-56137

RPG MAKER MV and MZ (Gotcha Gotcha Games Inc.) have an OS command injection vulnerability. When a user loads a specially crafted save-file, arbitrary OS commands may be executed. Affected components and root cause are stated as OS command injection, with high impact (CVE-2026-56137). The supplied...

8.4CVSS7.2AI score0.00677EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS0.00297EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 4 days ago8 views

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

8.8CVSS6.1AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

PYSEC-2026-559 Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS6.8AI score0.00974EPSS
Exploits0References6
OSV
OSV
added 4 days ago4 views

PYSEC-2026-296 Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

9.8CVSS8.1AI score0.01497EPSS
Exploits0References6
Nuclei
Nuclei
added 5 days ago74 views

Moodle - Remote Code Execution

Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system. id: CVE-2024-43425 info: name: Moodle - Remote Code Execution author:...

8.1CVSS7.5AI score0.83343EPSS
Exploits8References4
EUVD
EUVD
added last week9 views

EUVD-2026-39801

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS6AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-54090

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured e.g. /bin/sh -c, the command allowlist can be bypassed through shell metacharacters. The allowlist...

8.7CVSS0.00323EPSS
Exploits0References2
Rows per page
Query Builder