
71049 matches found

Positive Technologies
added 2026/04/16 12:0 a.m. | 6 views

PT-2026-33249

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

CVSS: 10 | AI score: 6 | EPSS: 0.02144
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/16 12:0 a.m. | 8 views

PT-2026-33247

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

CVSS: 7.4 | AI score: 5.9 | EPSS: 0.01156
Exploits: 0 | References: 4

CNNVD
added 2026/04/16 12:0 a.m. | 9 views

Radare2 Security Vulnerability

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Versions of Radare2 prior to 9236f44 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of PDB names when SSL was not enabled, which could lead to command injection attacks...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.01156
Exploits: 0 | References: 1

AlmaLinux
added 2026/04/16 12:0 a.m. | 13 views

Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.02279
Exploits: 0 | References: 10

Tenable Nessus
added 2026/04/16 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007184)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007184 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vi...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.01162
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/16 12:0 a.m. | 4 views

Fedora 43 : composer (2026-02c1f66b6a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-02c1f66b6a advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

CVSS: 8.8 | AI score: 6 | EPSS: 0.01688
Exploits: 4 | References: 3

SUSE CVE
added 2026/04/15 11:25 p.m. | 13 views

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.01184
Exploits: 1 | References: 3

NVD
added 2026/04/15 9:17 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | EPSS: 0.01688
Exploits: 2 | References: 6

NVD
added 2026/04/15 9:17 p.m. | 5 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS: 7.8 | EPSS: 0.01065
Exploits: 4 | References: 6

OSV
added 2026/04/15 9:17 p.m. | 8 views

UBUNTU-CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.01688
Exploits: 2 | References: 3

UbuntuCve
added 2026/04/15 9:17 p.m. | 5 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.01688
Exploits: 2 | References: 2

UbuntuCve
added 2026/04/15 9:17 p.m. | 7 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.01065
Exploits: 4 | References: 2

OSV
added 2026/04/15 9:17 p.m. | 3 views

UBUNTU-CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.01065
Exploits: 4 | References: 3

Vulnrichment
added 2026/04/15 8:56 p.m. | 7 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.01688
Exploits: 2 | References: 2

CVE
added 2026/04/15 8:56 p.m. | 15 views

CVE-2026-40261

CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.01688
Exploits: 2 | References: 6 | Affected Software: 1

ATTACKERKB
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | AI score: 6 | EPSS: 0.01688
Exploits: 4 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/15 8:56 p.m. | 19 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | EPSS: 0.01688
Exploits: 2 | References: 2

Debian CVE
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.01688
Exploits: 2

AlpineLinux
added 2026/04/15 8:56 p.m. | 3 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.01688
Exploits: 2

Vulnrichment
added 2026/04/15 8:47 p.m. | 4 views

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.01065
Exploits: 4 | References: 2