Lucene search
K

45048 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/02 3:51 a.m.7 views

Malicious code in currenttimerlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/02 3:51 a.m.4 views

MAL-2026-3229 Malicious code in currenttimerlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c8597070407b25804a26b2e7245768836031c1686a98750599ba2ce1833d4aa During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
Snyk
Snyk
added 2026/05/02 3:31 a.m.7 views

Arbitrary Command Injection

Overview yii2-mcp-server is a MCP Server for Yii2 Framework - Database schema inspection, command execution, and project management Affected versions of this package are vulnerable to Arbitrary Command Injection via the yiicommandhelp or yiiexecutecommand functions in the MCP Interface. An attack...

6.5CVSS6.1AI score0.0111EPSS
Exploits0References2
OSV
OSV
added 2026/05/02 12:51 a.m.6 views

MAL-2026-3226 Malicious code in timesmcp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 85630b024b2eb06c5002dd3ac72fa8bf4733f08d34de10bf0eca0851bf2d9f86 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/02 12:15 a.m.3 views

CVE-2026-7600

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/01 12:6 p.m.6 views

RLSA-2026:11389 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

8.2CVSS6.5AI score0.0047EPSS
Exploits0References2
OSV
OSV
added 2026/05/01 7:11 a.m.11 views

MAL-2026-3311 Malicious code in path-addon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1a7df799b6bd11bd036f1cfb1de6b1dfe0e4e72082be1b8a60537a59e5ae58 path-addon impersonates the Node.js core path module package name path-addon, README claims to be 'an exact copy of the NodeJS path module'. The body...

5.5AI score
Exploits0References3
EUVD
EUVD
added 2026/05/01 12:0 a.m.7 views

EUVD-2026-26701

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

6.5CVSS6.1AI score0.00816EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36852

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description A critical sandbox escape exists in the vm2 library, which is used to run untrusted JavaScript code in Node.js applications. This issue allows an attacker to break out of the restricted environment and...

10CVSS6.6AI score0.00921EPSS
Exploits1References45
NVD
NVD
added 2026/04/30 10:16 p.m.4 views

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 9:29 p.m.33 views

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/30 9:29 p.m.3 views

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References3
CVE
CVE
added 2026/04/30 9:29 p.m.16 views

CVE-2026-7551

The CVE describes a remote code execution vulnerability in HKUDS OpenHarness exposed via the /bridge command. An attacker-enabled /bridge spawn command can forward attacker-controlled text to the bridge session manager and execute commands through the shared shell subprocess helper, allowing shel...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/30 9:11 p.m.4 views

EUVD-2026-26448

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

8.8CVSS5.7AI score0.0047EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 7:16 p.m.8 views

CVE-2026-7461

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5CVSS0.00547EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 6:35 p.m.10 views

CVE-2026-7461

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5CVSS5.7AI score0.00547EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/30 6:0 p.m.8 views

RLSA-2026:11509 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

8.2CVSS6.4AI score0.0047EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/04/30 6:0 p.m.9 views

vim security update

An update is available for vim. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

8.2CVSS6.5AI score0.0047EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/30 4:40 p.m.15 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS5.9AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/30 4:40 p.m.55 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

8.1CVSS5.6AI score0.00419EPSS
Exploits0References6
Rows per page
Query Builder