Lucene search
K

147 matches found

Cvelist
Cvelist
added 2026/04/24 4:51 p.m.30 views

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS0.00501EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 4:51 p.m.24 views

CVE-2026-41411

Vim (before version 9.2.0357) contains a local command-injection vulnerability in tag file processing. When resolving a tag, Vim passes the filename field from the tags file through wildcard expansion, enabling backtick syntax (e.g., command) that can execute arbitrary commands via the system she...

6.6CVSS5.4AI score0.00501EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 4:51 p.m.5 views

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS5.3AI score0.00501EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:51 p.m.3 views

CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS5.4AI score0.00501EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/24 4:51 p.m.6 views

EUVD-2026-25575

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS5.4AI score0.00501EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:27 a.m.5 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape tags,...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.4 views

PT-2026-35033

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0357 Description Command injection occurs during tag file processing. When resolving a tag, the filename field from the tags file undergoes wildcard expansion to resolve environment variables and wildcards. If this...

6.6CVSS5.8AI score0.00501EPSS
Exploits0References47
EUVD
EUVD
added 2026/04/21 3:32 p.m.10 views

EUVD-2026-24086

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

8.6CVSS6.1AI score0.01379EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-33931

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

8.6CVSS6.1AI score0.01379EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.5 views

CVE-2026-39318

ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints /GroupPropsFormRowOps.php, /PersonCustomFieldsRowOps.php, and /FamilyCustomFieldsRowOps.php. A user has to be authenticated. For ManageGroups privileges have to be...

8.8CVSS6AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35021

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

8.4CVSS6.2AI score0.00041EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 5:27 p.m.3 views

EUVD-2026-19808

ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is directly inserted into SQL queries without proper sanitization. The mysqlirealescapestring function does not escape...

8.8CVSS6.1AI score0.0034EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings...

7.8CVSS5.3AI score0.00866EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.7 views

SUSE CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
NVD
NVD
added 2026/04/02 3:16 p.m.5 views

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS0.00866EPSS
Exploits3References3
OSV
OSV
added 2026/04/02 3:16 p.m.2 views

DEBIAN-CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS5.7AI score0.00866EPSS
Exploits3References1
OSV
OSV
added 2026/04/02 3:16 p.m.4 views

UBUNTU-CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References2
AlpineLinux
AlpineLinux
added 2026/04/02 2:57 p.m.8 views

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:57 p.m.3 views

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS5.9AI score0.00866EPSS
Exploits3References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 2:57 p.m.3 views

CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
Rows per page
Query Builder