
70989 matches found

Positive Technologies
added 2026/04/16 12:0 a.m., 12 views

PT-2026-37124

Name of the Vulnerable Software and Affected Versions: electerm versions prior to 3.3.8. Description: A command injection issue exists in the runMac function within the file github.com/elcterm/electerm/npm/install.js:150. The function appends the remote releaseInfo.name variable, which can be...

CVSS 9.8, AI score 6, EPSS 0.01572
Exploits: 0, References: 11
Positive Technologies
added 2026/04/16 12:0 a.m., 4 views

PT-2026-33195

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

CVSS 8.8, AI score 6, EPSS 0.01687
Exploits: 1, References: 4
Positive Technologies
added 2026/04/16 12:0 a.m., 6 views

PT-2026-33249

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

CVSS 10, AI score 6, EPSS 0.02144
Exploits: 0, References: 2
Positive Technologies
added 2026/04/16 12:0 a.m., 8 views

PT-2026-33247

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

CVSS 7.4, AI score 5.9, EPSS 0.01156
Exploits: 0, References: 4
CNNVD
added 2026/04/16 12:0 a.m., 9 views

Radare2 Security Vulnerability

Radare2 is an open-source reverse-engineering framework for Unix geeks developed by Radare. Versions of Radare2 prior to 9236f44 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of PDB names when SSL was not enabled, which could lead to command injection attacks...

CVSS 7.4, AI score 5.8, EPSS 0.01156
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/16 12:0 a.m., 6 views

FreeBSD : PHP Composer -- Multiple vulnerabilities (7a7a17b2-381c-11f1-a663-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a7a17b2-381c-11f1-a663-10ffe07f9334 advisory. Composer project reports: Fixed command injection via malicious Perforce reference...

CVSS 8.8, AI score 6, EPSS 0.01688
Exploits: 4, References: 4
Tenable Nessus
added 2026/04/16 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in...

CVSS 8.8, AI score 6.1, EPSS 0.00607
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/16 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary...

CVSS 8.4, AI score 5.8, EPSS 0.01184
Exploits: 1, References: 2
Tenable Nessus
added 2026/04/16 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007184)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007184 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vi...

CVSS 7.8, AI score 6.3, EPSS 0.01162
Exploits: 0, References: 4
AlmaLinux
added 2026/04/16 12:0 a.m., 12 views

Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

CVSS 7.5, AI score 5.8, EPSS 0.02279
Exploits: 0, References: 10
Tenable Nessus
added 2026/04/16 12:0 a.m., 4 views

Fedora 43 : composer (2026-02c1f66b6a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-02c1f66b6a advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

CVSS 8.8, AI score 6, EPSS 0.01688
Exploits: 4, References: 3
Tenable Nessus
added 2026/04/16 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007186)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007186 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By...

CVSS 7.3, AI score 6.2, EPSS 0.00834
Exploits: 0, References: 4
SUSE CVE
added 2026/04/15 11:25 p.m., 13 views

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVSS 7.8, AI score 6.1, EPSS 0.01184
Exploits: 1, References: 3
NVD
added 2026/04/15 9:17 p.m., 4 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS 7.8, EPSS 0.01065
Exploits: 4, References: 6
NVD
added 2026/04/15 9:17 p.m., 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8, EPSS 0.01688
Exploits: 2, References: 6
UbuntuCve
added 2026/04/15 9:17 p.m., 5 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8, AI score 6.1, EPSS 0.01688
Exploits: 2, References: 2
UbuntuCve
added 2026/04/15 9:17 p.m., 7 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS 7.8, AI score 6.2, EPSS 0.01065
Exploits: 4, References: 2
OSV
added 2026/04/15 9:17 p.m., 3 views

UBUNTU-CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS 7.8, AI score 6.2, EPSS 0.01065
Exploits: 4, References: 3
OSV
added 2026/04/15 9:17 p.m., 8 views

UBUNTU-CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8, AI score 6.1, EPSS 0.01688
Exploits: 2, References: 3
AlpineLinux
added 2026/04/15 8:56 p.m., 3 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS 8.8, AI score 6.2, EPSS 0.01688
Exploits: 2