
10 matches found

CVE
added 2026/06/23 12:13 p.m. | 17 views

CVE-2026-56274

Flowise

9.9 CVSS | 6.2 AI score | 0.02683 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/23 12:13 p.m. | 54 views

CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9 CVSS | 0.02683 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/05/22 6:32 p.m. | 9 views

CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

8.8 CVSS | 7.3 AI score | 0.00211 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-0932

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.02316 EPSS
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 5:26 a.m. | 2 views

SUSE CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDENOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$..."...

4.6 CVSS | 7.5 AI score | 0.00578 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2021/11/16 12:0 a.m. | 7 views

PT-2021-8154

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to errors in resource management within the ufshcd abort function in the Linux kernel's UFS component. This can potentially allow an attacker to cause a denial of...

5.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0
Github Security Blog
added 2021/05/10 7:16 p.m. | 88 views

Command injection in nodemailer

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...

9.8 CVSS | 9.4 AI score | 0.02316 EPSS
Exploits: 1 | References: 8 | Affected Software: 1
NVD
added 2020/11/12 9:15 a.m. | 16 views

CVE-2020-7769

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...

9.8 CVSS | 9.6 AI score | 0.02316 EPSS
Exploits: 1 | References: 4
OSV
added 2020/11/12 9:15 a.m. | 1 views

UBUNTU-CVE-2020-7769

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...

9.8 CVSS | 5.9 AI score | 0.02316 EPSS
Exploits: 1 | References: 6
Cvelist
added 2020/11/12 8:30 a.m. | 24 views

CVE-2020-7769 Command Injection

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails...

8.6 CVSS | 9.8 AI score | 0.02316 EPSS
Exploits: 1 | References: 4