Lucene search
K

45045 matches found

Veracode
Veracode
added 2025/11/26 9:23 a.m.9 views

Remote Command Execution

n8n and n8n-nodes-base are vulnerable to Remote Command Execution. The vulnerability is due to the Execute Command node allowing arbitrary command execution on the host system, which allows an attacker to exploit insufficient user trust controls to run malicious commands leading to system...

7.7AI score
Exploits0
Veracode
Veracode
added 2025/11/26 6:14 a.m.4 views

Path Traversal

ZenML is vulnerable to a path traversal. The vulnerability is due to improper validation of file paths during data.tar.gz extraction in the PathMaterializer class, which fails to detect symbolic and hard links, allowing an attacker to write arbitrary files and potentially achieve arbitrary comman...

7.8CVSS7.3AI score0.00334EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.3 views

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

7.9AI score0.07205EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/25 8:56 p.m.12 views

CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS7.8AI score0.03696EPSS
Exploits0References1
OSV
OSV
added 2025/11/25 2:29 p.m.7 views

CLSA-2025-1764080949 pcp: Fix of CVE-2024-3019

CVE-2024-3019: Fix default pmproxy configuration to restrict access to Redis server backend, preventing remote command execution...

8.8CVSS7.1AI score0.01002EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.2 views

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool used by Google, Inc. to transform data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from improper handling of Teradata driver parameters, which could lead to the execution of...

7.5CVSS6.7AI score0.00206EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 12:40 p.m.6 views

Malicious code in signup-failover (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 312b617198eea306feca99cf5c14a0edb7668482ca605c8e74c2d20f71eddd19 The package signup-failover was found to contain malicious code. Source: ghsa-malware 930d3ccde5bf7b3147cb807fddbc366f04c3185a70a8ff885f106503b657300...

7AI score
Exploits0References1
CVE
CVE
added 2025/11/24 11:30 a.m.12 views

CVE-2025-12740

CVE-2025-12740 affects Looker where a user with Developer role could create a DB2 database connection and, by manipulating LookML, cause Looker to execute a malicious command due to inadequate filtering of the IBM DB2 driver’s parameters. Concrete details across multiple sources confirm the vulne...

7.7CVSS6.6AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 11:30 a.m.4 views

EUVD-2025-198628

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

7.7CVSS6.5AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/24 11:30 a.m.9 views

CVE-2025-12740 Remote Command Execution in Looker via IBM DB2 JDBC drive

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

7.7CVSS0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.4 views

TVT NVMS-9000 安全漏洞

The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...

9.3CVSS7.5AI score0.03696EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.8 views

PT-2025-47964

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS7.8AI score0.03696EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.2 views

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from insufficient filtering of Denodo driver parameters, which could lead to the execution of...

7.7CVSS6.7AI score0.00215EPSS
Exploits0References2
OSV
OSV
added 2025/11/23 4:26 p.m.5 views

MAL-2025-191760 Malicious code in hooktest1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3e91d71ab21e3575f1354593a314d50bc188b0db7b3851040e522426a765417 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

7.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 10:31 p.m.8 views

CVE-2025-65946

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

8.1CVSS7.2AI score0.00608EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/11/22 3:18 p.m.275 views

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

metasploitable-Security-Assessment comprehensive penetration t...

10CVSS7.8AI score0.99999EPSS
Exploits36
CVE
CVE
added 2025/11/21 10:11 p.m.21 views

CVE-2025-65946

Roo Code (AI-powered coding agent) had a validation error before version 3.26.7 that could cause it to automatically execute commands not on the allowed prefixes list. The issue has been patched in version 3.26.7. Affected CVE-2025-65946 entries from multiple feeds confirm the vulnerability and p...

8.1CVSS6.9AI score0.00608EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/21 7:37 p.m.5 views

CVE-2025-63408

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...

7.8CVSS7.1AI score0.00346EPSS
Exploits1References1
CNVD
CNVD
added 2025/11/21 12:0 a.m.1 views

Command Execution Vulnerability in DH2100+ NAS of Shenzhen Greenlink Technology Co.

The DH2100+ NAS is a two-drive network attached storage device designed for home and personal users. A command execution vulnerability exists in the Shenzhen Greenlink DH2100+ NAS, which can be exploited by attackers to remotely execute commands...

6.1AI score
Exploits0
OSV
OSV
added 2025/11/20 10:25 p.m.7 views

MAL-2025-191772 Malicious code in kdewebhelper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...

7.5AI score
Exploits0References1
Rows per page
Query Builder