
70989 matches found

OSV
added 2026/04/16 9:17 a.m. | 5 views

SUSE-SU-2026:1387-1 Security update for vim

This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. - CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead...

9.2 CVSS | 6.4 AI score | 0.00834 EPSS
Exploits: 0 | References: 7

GithubExploit
added 2026/04/16 4:0 a.m. | 114 views

Exploit for CVE-2026-40176

!CAUTION THIS REPOSITORY CONTAINS PROOF-OF-CONCEPT CODE FO...

8.8 CVSS | 6 AI score | 0.01688 EPSS
Exploits: 4

EUVD
added 2026/04/16 3:31 a.m. | 4 views

EUVD-2026-23161

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4 CVSS | 5.9 AI score | 0.01156 EPSS
Exploits: 0 | References: 5

EUVD
added 2026/04/16 3:31 a.m. | 7 views

EUVD-2026-23165

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

10 CVSS | 6 AI score | 0.02144 EPSS
Exploits: 0 | References: 3

NVD
added 2026/04/16 3:16 a.m. | 5 views

CVE-2026-6349

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

9.8 CVSS | 0.02144 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/16 3:16 a.m. | 6 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4 CVSS | 0.01156 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/04/16 2:35 a.m. | 3 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4 CVSS | 5.9 AI score | 0.01156 EPSS
Exploits: 0 | References: 5

CVE
added 2026/04/16 2:35 a.m. | 21 views

CVE-2026-41015

CVE-2026-41015 affects radare2 prior to the commit 9236f44. On UNIX configurations without SSL, a PDB name passed to rabin2 -PP can lead to local command injection. The vulnerability window is stated as between 6.1.2 and 6.1.3, with the fix introduced by the commit 9236f44 (referenced in the link...

7.4 CVSS | 5.9 AI score | 0.01156 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/04/16 2:35 a.m. | 29 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4 CVSS | 0.01156 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/16 2:35 a.m. | 3 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4 CVSS | 5.9 AI score | 0.01156 EPSS
Exploits: 0 | References: 4

Debian CVE
added 2026/04/16 2:35 a.m. | 3 views

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4 CVSS | 5.5 AI score | 0.01156 EPSS
Exploits: 0

Vulnrichment
added 2026/04/16 2:24 a.m. | 4 views

CVE-2026-6349 HGiga|iSherlock - OS Command Injection

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

9.8 CVSS | 6 AI score | 0.02144 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/16 2:24 a.m. | 4 views

CVE-2026-6349

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

10 CVSS | 6 AI score | 0.02144 EPSS
Exploits: 0 | References: 3

CVE
added 2026/04/16 2:24 a.m. | 10 views

CVE-2026-6349

CVE-2026-6349 affects HGiga’s iSherlock. The connected records report an OS Command Injection vulnerability that enables unauthenticated attackers to inject and execute arbitrary OS commands on the server. The CVSS metadata indicates a critical impact (base score 10.0) with network access, low at...

9.8 CVSS | 6 AI score | 0.02144 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/16 1:16 a.m. | 3 views

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8 CVSS | 0.01687 EPSS
Exploits: 1 | References: 3

EUVD
added 2026/04/16 12:8 a.m. | 4 views

EUVD-2026-23141

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8 CVSS | 6 AI score | 0.01687 EPSS
Exploits: 1 | References: 3

Cvelist
added 2026/04/16 12:8 a.m. | 36 views

CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

8.8 CVSS | 0.01687 EPSS
Exploits: 1 | References: 3

CVE
added 2026/04/16 12:8 a.m. | 10 views

CVE-2026-40502

OpenHarness (before commit dd1d235) contains a remote command-injection in the gateway handler that lets remote gateway users with chat access execute administrative commands (e.g., /permissions full_auto) to alter a running instance without operator authorization. The CVSS metrics indicate a net...

8.8 CVSS | 6 AI score | 0.01687 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/04/16 12:0 a.m. | 11 views

PT-2026-34729

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: The CSVAgent allows the provision of custom Pandas CSV read code. Due to a lack of sanitization, an attacker can provide a command injection payload that is interpolated and executed by the server...

9.4 CVSS | 5.9 AI score | 0.0145 EPSS
Exploits: 1 | References: 6

CNNVD
added 2026/04/16 12:0 a.m. | 8 views

HGiga iSherlock Security Vulnerability

HGiga iSherlock is a series of software products developed by the Chinese company HGiga. HGiga iSherlock has a security vulnerability, which stems from OS command injection, potentially allowing for the execution of arbitrary OS commands...

9.8 CVSS | 6 AI score | 0.02144 EPSS
Exploits: 0 | References: 3