Lucene search
K

148 matches found

Vulnrichment
Vulnrichment
added 2026/04/02 2:57 p.m.3 views

CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
AlpineLinux
AlpineLinux
added 2026/04/02 2:57 p.m.8 views

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
OSV
OSV
added 2026/04/01 11:18 p.m.3 views

GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/30 5:1 p.m.13 views

Glances Vulnerable to Command Injection via Dynamic Configuration Values

Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented without validation or restriction of the executed commands. If an attacker can...

7.8CVSS6.3AI score0.00866EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2026/03/30 5:1 p.m.2 views

GHSA-QHJ7-V7H7-Q4C7 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented without validation or restriction of the executed commands. If an attacker can...

7.8CVSS6.3AI score0.00866EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29155

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances, a system cross-platform monitoring tool, allows for the execution of arbitrary system commands through dynamic configuration values. Specifically, substrings enclosed in backticks within...

7.8CVSS6.2AI score0.00866EPSS
Exploits4References10
OSV
OSV
added 2026/03/27 5:49 p.m.5 views

GHSA-67JX-R9PV-98RJ Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

Summary There is a potential vulnerability in Traefik's Kubernetes Knative, Ingress, and Ingress-NGINX providers related to rule injection. User-controlled values are interpolated into backtick-delimited Traefik router rule expressions without escaping or validation. A malicious value containing ...

6.1CVSS5.9AI score0.00463EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/27 3:28 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 3:28 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 7:18 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the doKey function of Neo4jVectorFilterExpressionConverter when a user-controlled string is embedded as a filter expression key without proper escaping of backticks. An attacker can access internal resources...

8.7CVSS5.9AI score0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 5:33 a.m.4 views

CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 5:33 a.m.26 views

CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 5:33 a.m.4 views

CVE-2026-22743

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 10:22 p.m.27 views

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

9.8CVSS7.6AI score0.00788EPSS
Exploits1References5Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/03/26 12:0 a.m.8 views

Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter . When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store , doKey embeds the key into a backtick-delimited Cypher...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2026/03/23 12:0 a.m.119 views

📄 Barracuda ESG TAR Filename Command Injection

This Metasploit module exploits CVE-2023-2868, a command injection vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the ESG processes TAR file attachments - filenames containing shell metacharacters backticks are passed directly to shell commands...

9.8CVSS7.8AI score0.86956EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.4 views

SUSE CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/11 6:44 p.m.6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6CVSS7.2AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 6:44 p.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6CVSS5.8AI score0.00277EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 3:54 p.m.5 views

CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.1CVSS5.8AI score0.00277EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder