Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

70679 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/28 5:59 a.m.12 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00474EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/28 5:59 a.m.9 views

EUVD-2026-32726

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00474EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/05/28 5:59 a.m.6 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00474EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/28 5:59 a.m.32 views

CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS0.00474EPSS
Exploits0References2
CVE
CVEadded 2026/05/28 5:59 a.m.17 views

CVE-2026-44604

CVE-2026-44604 affects the RPM rpmuncompress utility. The vulnerability arises when extracting ZIP, 7z, or GEM archives to a destination directory: the archive’s top-level folder name is inserted into a shell command without proper sanitization, allowing a crafted archive with shell metacharacter...

7CVSS6AI score0.00474EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/28 5:59 a.m.9 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00474EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/28 12:0 a.m.7 views

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01243EPSS
Exploits0References1
CVE
CVEadded 2026/05/28 12:0 a.m.12 views

CVE-2026-38707

Affects InHand Networks IR302 firmware v3.5.108, IR305 v1.0.118, IR315 v1.0.118, IR615 v1.0.118 (and earlier). The issue is a command injection in the IPSec VPN feature that can grant ROOT privileges on remote targets. CVSS 3.1: 9.8 (CRITICAL) with network access, no user interaction, and high im...

9.8CVSS5.8AI score0.01243EPSS
Exploits0References1Affected Software1
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.8 views

InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. Several products in the InHand IR Series have security vulnerabilities. These vulnerabilities stem from command injection in the Admin Access function, which may all...

9.8CVSS5.9AI score0.01243EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.8 views

PT-2026-44197

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00474EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/28 12:0 a.m.13 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

5.8AI score0.01243EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.11 views

PT-2026-44404

Name of the Vulnerable Software and Affected Versions IR302 versions prior to 3.5.108 IR305 versions prior to 1.0.118 IR315 versions prior to 1.0.118 IR615 versions prior to 1.0.118 Description A command injection issue exists in the ZeroTier VPN feature. This allows remote attackers to execute...

9.8CVSS6.1AI score0.01243EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/28 12:0 a.m.29 views

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

0.01243EPSS
Exploits0References1
CVE
CVEadded 2026/05/28 12:0 a.m.14 views

CVE-2026-38702

CVE-2026-38702 is a command injection vulnerability in InHand Networks’ Admin Access feature affecting IR302 (V3.5.108) and IR305/IR315/IR615 (V1.0.118) and earlier firmware. The issue could allow remote attackers to gain ROOT privileges on target devices. The connected sources confirm affected m...

9.8CVSS5.8AI score0.01243EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/28 12:0 a.m.7 views

CVE-2026-38704

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/28 12:0 a.m.6 views

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01243EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.8 views

PT-2026-44403

Name of the Vulnerable Software and Affected Versions InHand Networks IR302 versions prior to V3.5.108 InHand Networks IR305 versions prior to V1.0.118 InHand Networks IR315 versions prior to V1.0.118 InHand Networks IR615 versions prior to V1.0.118 Description A command injection issue exists in...

9.8CVSS6.1AI score0.01243EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.7 views

PT-2026-44725

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.2.5-1.1 Description Command injection occurs in the ProcessMergeDriver when the file path from the git tree is substituted into the merge driver command via the %P placeholder. This command is then executed using...

7.7CVSS6AI score0.00797EPSS
Exploits0References18
Vulnrichment
Vulnrichmentadded 2026/05/28 12:0 a.m.10 views

CVE-2026-38707

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target device...

5.8AI score0.01243EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.7 views

rpm 操作系统命令注入漏洞

rpm is a powerful command-line-driven package management tool from the rpm organization. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm has a vulnerability related to operating system command injection. This vulnerability arises...

7CVSS6.1AI score0.00474EPSS
Exploits0References2
Rows per page
Query Builder