7 matches found

Cvelist
added 2025/07/30 12:34 a.m. | 13 views

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

CVSS 5.1 | EPSS 0.0003
Exploits: 1 | References: 3

OSV
added 2021/11/22 7:15 p.m. | 2 views

CVE-2021-38448

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 7.6 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2021/11/22 6:58 p.m. | 13 views

CVE-2021-38448 Trane Symbio Improper Control of Generation of Code

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 7.5 | AI score 7.7 | EPSS 0.00127
Exploits: 0 | References: 1

OSV
added 2021/10/27 1:15 a.m. | 2 views

CVE-2021-38450

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 1

CVE
added 2021/10/27 12:48 a.m. | 85 views

CVE-2021-38450

CVE-2021-38450 (Trane Tracer) is caused by improper sanitization of input containing code syntax, enabling code injection that could alter controller flow. Affected products and versions: Tracer SC (all versions before v4.4 SP7), Tracer SC+ (before v5.5 SP3), Tracer Concierge (before v5.5 SP3). I...

CVSS 9.9 | AI score 9.2 | EPSS 0.00284
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/04/21 12:00 a.m. | 5 views

Eaton Intelligent Power Manager Eval Injection Vulnerability

Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...

CVSS 10 | AI score 7.3 | EPSS 0.00427
Exploits: 0 | References: 1

Prion
added 2020/03/30 10:15 p.m. | 13 views

Command injection

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

CVSS 9 | AI score 7.4 | EPSS 0.00692
Exploits: 0 | References: 2 | Affected Software: 1