43061 matches found
GHSA-QPC3-8VQG-8G6W pymetasploit3 vulnerable to command injection in console.run_module_with_output()
Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
CVE-2026-5463
Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
CVE-2026-5463
Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
CVE-2026-5463
The vulnerability CVE-2026-5463 affects the pymetasploit3 project (through version 1.0.6) where console.run_module_with_output() accepts newline characters in module options (e.g., RHOSTS). This can break the intended command structure and cause the Metasploit console to execute additional uninte...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the node pairing process. An attacker can execute arbitrary commands on the host system by exploiting insufficient enforcement of node scope restrictions. This ...
PT-2026-30171
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.33.4 Description Budibase, an open-source low-code platform, prior to version 3.33.4, allows arbitrary command execution through the bash automation step. This occurs because user-provided commands are executed usi...
PT-2026-30865
Name of the Vulnerable Software and Affected Versions FTLDNS pihole-FTL versions 6.0 through 6.5 Description The Pi-hole FTL engine contains a Remote Code Execution RCE issue in the upstream DNS servers configuration parameter dns.upstreams. An authenticated attacker can inject arbitrary dnsmasq...
OpenPrinting CUPS 安全漏洞
OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. OpenPrinting CUPS versions 2.4.16 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of non-privileged local user...
PT-2026-30260
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2026-1345
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...
EUVD-2026-18400
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
CVE-2026-34430
ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers...
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...
K000159875: Apache HTTP Server vulnerability CVE-2025-65082
Security Advisory Description Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HT...
MAL-2026-2439 Malicious code in expeewas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcb3aafc860058ba4e9a64c6fa7dba85b7df72d68971ef7c673245e4ac02820f The package expeewas was found to contain malicious code. Source: ossf-package-analysis...