44846 matches found
Dive code injection vulnerability
Dive is a desktop application for MCP hosts, open-sourced by OpenAgentPlatform. Versions of Dive prior to 0.13.0 contained a code injection vulnerability. This vulnerability stemmed from specially crafted deep links that allowed the installation of MCP server configurations controlled by attacker...
MiracleLinux 7 : sudo-1.8.6p7-23.el7 (AXSA:2017-1708:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1708:02 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...
SAP NetWeaver Command Injection (January 2026)
The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an SAP NetWeaver is affected by a server-side request forgery SSRF vulnerabilityas disclosed in the SAP Security Patch Day January 2026: - Due to an OS Command Injection vulnerability in SAP...
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE
Summary Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitizati...
CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
EUVD-2026-2738
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
CVE-2026-22265
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
CVE-2026-22718
The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine...
MAL-2026-282 Malicious code in experian-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 629f30cfc3fe4cc45698b5cce11973037d0fa7f6564fc999aef0247701f6fee5 The package experian-design-system was found to contain malicious code. Source: ghsa-malware...
PT-2026-3034
Name of the Vulnerable Software and Affected Versions Chikitsa Patient Management System version 2.0.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious PHP plugins through the module upload functionality. Authenticated attackers can...
Linux Distros Unpatched Vulnerability : CVE-2023-54335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers...
CVE-2022-50806
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...
CVE-2025-37175
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...
CVE-2025-37174
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...
BIT-ENVOY-GATEWAY-2026-22771 Envoy Extension Policy lua scripts injection causes arbitrary command execution
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...
CVE-2026-22718 Command injection vulnerability
The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine...
CVE-2026-0507
Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables...
VMware Spring CLI VSCode Extension 安全漏洞
VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...
Blurams Flare Camera 安全漏洞
Blurams Flare Camera is a webcam from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from an insecure authentication mechanism that could lead to the execution of arbitrary commands...
TencentOS Server 2: httpd (TSSA-2026:0012)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0012 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...