Lucene search
K

8091 matches found

Cvelist
Cvelist
added yesterday11 views

CVE-2026-62392 Apache Kylin: OS Command Injection via Async Query API

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...

Exploits0References1
Fedora
Fedora
added 3 days ago9 views

[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

6.1AI score
Exploits0
NVD
NVD
added 5 days ago10 views

CVE-2026-5801

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS0.00404EPSS
Exploits0References1
CVE
CVE
added 5 days ago15 views

CVE-2026-5801

SEM-PMP (Semtek Informatics Software Consulting Trade Ltd. Co.) is affected by CVE-2026-5801 due to improper neutralization of special elements in SQL commands, enabling SQL injection that can lead to Command Line Execution. The vulnerability is rated CVSS v3.1 base score 9.8 (CRITICAL) with netw...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42972

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-5801 SQLi in Semtek Informatics' SEM-PMP

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS0.00176EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-54000

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS0.00108EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42919

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-0286

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score0.014EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 6 days ago5 views

Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.2

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

8CVSS7.1AI score0.0032EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-47828

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00148EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42515

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...

8.3CVSS7.4AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago15 views

CVE-2026-47826

CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago13 views

CVE-2026-41857

CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 6 days ago19 views

[SECURITY] Fedora 44 Update: upower-1.91.3-1.fc44

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

5.9AI score
Exploits0
OSV
OSV
added last week2 views

MAL-2026-7021 Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
Rows per page
Query Builder