70987 matches found

Github Security Blog
added 2026/04/16 9:25 p.m. | 9 views

WWBN AVideo: RCE cause by clonesite plugin

Description Summary The cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via exec, allowing command injection. An attacker can inje...

9.8 CVSS | 6.2 AI score | 0.02221 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/04/16 9:25 p.m. | 8 views

GHSA-XR6F-H4X7-R6QP WWBN AVideo: RCE cause by clonesite plugin

Description Summary The cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via exec, allowing command injection. An attacker can inje...

9.8 CVSS | 6.2 AI score | 0.02221 EPSS
Exploits: 1 | References: 4

Snyk
added 2026/04/16 9:24 p.m. | 5 views

Command Injection

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Command Injection via the runMac and runLinux functions. An attacker can execute arbitrary system commands and compromise the system by supplying malicious remote...

9.8 CVSS | 6 AI score | 0.01572 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/16 9:24 p.m. | 8 views

electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

9.8 CVSS | 5.9 AI score | 0.01572 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/04/16 9:24 p.m. | 8 views

GHSA-WXW2-RWMH-VR8F electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

9.8 CVSS | 6.1 AI score | 0.01572 EPSS
Exploits: 0 | References: 5

Snyk
added 2026/04/16 9:18 p.m. | 6 views

Command Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Command Injection via the Custom MCP configuration in http://localhost:3000/canvas. An attacker can execute arbitrary commands on the underlying operating system by supplying crafted argument...

9.9 CVSS | 6.3 AI score | 0.01987 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/04/16 7:22 p.m. | 7 views

CVE-2026-6158

A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5 CVSS | 5.5 AI score | 0.01409 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/04/16 3:5 p.m. | 5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the glob npm package

Summary Due to use of the glob npm package, DevOps Test Performance and Rational Performance Tester contain a potential command injection vulnerability. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior t...

7.5 CVSS | 6.4 AI score | 0.03026 EPSS
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2026/04/16 2:52 p.m. | 9 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 2:50 p.m. | 5 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 2:48 p.m. | 7 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 2:46 p.m. | 15 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 2:19 p.m. | 14 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 2:14 p.m. | 8 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 2:9 p.m. | 5 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 1:57 p.m. | 8 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 1:56 p.m. | 9 views

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

7.5 CVSS | 6.1 AI score | 0.02279 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/16 10:59 a.m. | 9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.28 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

8.3 CVSS | 6.5 AI score | 0.02006 EPSS
Exploits: 3 | References: 8

OSV
added 2026/04/16 9:17 a.m. | 5 views

SUSE-SU-2026:1387-1 Security update for vim

This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. - CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead...

9.2 CVSS | 6.4 AI score | 0.00834 EPSS
Exploits: 0 | References: 7

GithubExploit
added 2026/04/16 4:0 a.m. | 114 views

Exploit for CVE-2026-40176

!CAUTION THIS REPOSITORY CONTAINS PROOF-OF-CONCEPT CODE FO...

8.8 CVSS | 6 AI score | 0.01688 EPSS
Exploits: 4