
9 matches found

Veracode
added 2025/11/04 2:0 p.m., 3 views

OS Command Injection

github.com/chaos-mesh/chaos-mesh is vulnerable to OS command injection. The vulnerability is caused by unsanitized input handling in the cleanTcs mutation: user-controlled fields are passed to operating-system command execution without proper validation. An attacker can use this to perform...

9.8 CVSS, 8.2 AI score, 0.02067 EPSS
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-29176

Malicious code in bioql PyPI...

9.8 CVSS, 6.5 AI score, 0.02067 EPSS
Exploits: 1, References: 4
SUSE CVE
added 2025/09/19 11:22 p.m., 1 view

SUSE CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8 CVSS, 8.5 AI score, 0.02067 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/09/17 12:49 p.m., 2 views

CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8 CVSS, 8.4 AI score, 0.02067 EPSS
Exploits: 2, References: 1
NVD
added 2025/09/15 12:15 p.m., 3 views

CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8 CVSS, 0.02067 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/09/15 11:40 a.m., 2 views

CVE-2025-59359 OS command injection in Chaos Mesh via the cleanTcs mutation

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8 CVSS, 8.1 AI score, 0.02067 EPSS
Exploits: 1, References: 2
CVE
added 2025/09/15 11:40 a.m., 18 views

CVE-2025-59359

CVE-2025-59359 concerns the Chaos Controller Manager in Chaos Mesh, where the cleanTcs mutation is vulnerable to OS command injection. This is paired with CVE-2025-59358, which describes an unauthenticated GraphQL debugging server that can kill processes across pods, enabling cluster-wide remote ...

9.8 CVSS, 8.1 AI score, 0.02067 EPSS
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2025/09/15 12:0 a.m., 1 view

PT-2025-37474

Name of the Vulnerable Software and Affected Versions: Chaos Mesh (affected versions not specified). Description: A command injection flaw exists in Chaos Mesh’s cleanTcs mutation. This flaw allows unauthenticated in-cluster attackers to perform remote code execution across the cluster. The...

9.9 CVSS, 8.4 AI score, 0.50933 EPSS
Exploits: 20, References: 54
CNNVD
added 2025/09/15 12:0 a.m., 3 views

chaos-mesh OS command injection vulnerability

chaos-mesh is an open source engineering platform from Chaos Mesh. Chaos-mesh suffers from an OS command injection vulnerability that stems from the cleanTcs mutation being susceptible to an OS command injection attack that could lead to remote code execution...

9.8 CVSS, 8.3 AI score, 0.02067 EPSS
Exploits: 1, References: 2