Lucene search
+L

6 matches found

osv
osv
added 3 days ago5 views

MAL-2026-10480 Malicious code in node-fsmetrics-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9958558a30dea32a3b0fc2e48bb775433e1f12b339030a8d21872ad058bc28ff On require, index.js hex-decodes the URL http://152.53.120.90/cmd and starts a background loop that polls /cmd/commands, executes returned strings vi...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/06/29 5:59 a.m.10 views

Malicious code in checkmarx-claude-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26a16e61d88e467ada75205ee93a9339cdf2fb65f3ded068282b4d83b6cb05e9 When the CLI runs the documented npx checkmarx-claude-cache invocation pattern, bin/cli.js performs an HTTPS GET to a hardcoded URL on a lookalike ho...

6AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.14 views

CVE-2026-39862

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

8.8CVSS6.6AI score0.00555EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.10 views

uniget 操作系统命令注入漏洞

Uniget is a general-purpose tool for installing and updating software, developed by Uniget itself. Versions of Uniget prior to 0.27.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the direct execution of commands using the Bash shell scri...

7.8CVSS6.2AI score0.00715EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2024/12/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-55956

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the...

9.8CVSS7.5AI score0.93804EPSS
Exploits4References1
prion
prion
added 2023/05/22 4:15 p.m.28 views

Design/Logic Flaw

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

7.5CVSS9.1AI score0.00932EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder