Lucene search
K

54 matches found

OSV
OSV
added 2025/09/10 3:6 p.m.7 views

CVE-2025-58764 Claude Code rg command had Command Injection that allowed bypass of user approval prompt for command execution

Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claud...

8.7CVSS7.3AI score0.00512EPSS
Exploits0References3
OSV
OSV
added 2025/08/05 12:7 a.m.7 views

CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...

8.7CVSS7.1AI score0.0097EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/28 10:42 p.m.20 views

CVE-2025-20226

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

5.7CVSS7.3AI score0.00434EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/26 10:6 p.m.31 views

CVE-2025-20232 Risky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

5.7CVSS0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 10:2 p.m.6 views

CVE-2025-20226 Risky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

5.7CVSS7AI score0.00434EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/26 12:0 a.m.21 views

Splunk Enterprise 9.1.0 < 9.1.8, 9.2.0 < 9.2.5, 9.3.0 < 9.3.3 (SVD-2025-0304)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0304 advisory. - In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103,...

5.7CVSS5.8AI score0.00435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.7 views

PT-2025-13016 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.3 Splunk Enterprise versions prior to 9.2.5 Splunk Enterprise versions prior to 9.1.8 Splunk Cloud Platform versions prior to 9.3.2408.103 Splunk Cloud Platform versions prior to 9.2.2406.108 Splunk Clo...

5.7CVSS6.8AI score0.00435EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/02/14 5:22 p.m.8 views

CVE-2023-22935 SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects...

8.1CVSS8.6AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/03 12:0 a.m.70 views

Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9, 9.0.0 < 9.0.2 (SVD-2022-1106)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-1106 advisory. - In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more...

8CVSS7.8AI score0.00778EPSS
Exploits1References2
NCSC
NCSC
added 2022/09/30 12:0 a.m.4 views

Vulnerabilities fixed in IBM MQ

Vulnerabilities have been fixed in IBM MQ. The vulnerabilities allow a malicious party to bypass a command measure bypass and perform a denial-of-service DoS. IBM has released updates to fix the vulnerabilities in MQ. For more information, see: https://www.ibm.com/support/pages/node/6823767...

7.5CVSS7.5AI score0.52063EPSS
Exploits1
OSV
OSV
added 2021/04/09 3:42 p.m.20 views

GHSA-23C7-6444-399M Improper Input Validation in sopel-plugins.channelmgnt

Impact On some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have ...

7.6CVSS8.3AI score0.01072EPSS
Exploits0References7
Cvelist
Cvelist
added 2019/06/05 4:20 p.m.20 views

CVE-2019-1842 Cisco IOS XR Software Secure Shell Authentication Vulnerability

A vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of...

5.4CVSS5.5AI score0.01208EPSS
Exploits0References2
OSV
OSV
added 2017/10/18 6:29 p.m.4 views

DEBIAN-CVE-2016-5714

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol PXP Command...

7.2CVSS8.2AI score0.02241EPSS
Exploits0References1
OSV
OSV
added 2017/04/14 6:59 p.m.11 views

CVE-2016-7032

sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...

7CVSS7AI score
Exploits0References5
Prion
Prion
added 2017/02/23 6:59 a.m.24 views

Command injection

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors...

7.5CVSS9.3AI score0.01679EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/02/23 6:59 a.m.3 views

CVE-2017-6205

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors...

9.8CVSS5.8AI score0.01679EPSS
Exploits0References2
NVD
NVD
added 2017/02/23 6:59 a.m.18 views

CVE-2017-6205

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors...

9.8CVSS9.4AI score0.01679EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/23 6:16 a.m.19 views

CVE-2017-6205

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors...

9.4AI score0.01679EPSS
Exploits0References2
CVE
CVE
added 2017/02/23 6:16 a.m.43 views

CVE-2017-6205

CVE-2017-6205 affects D-Link DGS-1510 Websmart switches (models: DGS-1510-28XMP/28X/52X/52/28P/28/20). Firmware prior to 1.31.B003 is vulnerable to an unauthenticated command bypass via unspecified vectors. The connected documents confirm the affected devices and the unauthenticated bypass, but d...

9.8CVSS9.2AI score0.01679EPSS
Exploits0References2Affected Software1
Cisco
Cisco
added 2017/01/18 4:0 p.m.46 views

Cisco WebEx Meetings Server Command Bypass Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. The vulnerability is due to insufficient security configurations of bash in interactive mode. An attacker could exploit this vulnerability by...

5.4CVSS7.2AI score0.01895EPSS
Exploits0References1
Rows per page
Query Builder