71060 matches found

OSV
added 2026/04/15 9:17 p.m. | 8 views

UBUNTU-CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS | 6.1 AI score | 0.01688 EPSS
Exploits 2 | References 3

OSV
added 2026/04/15 9:17 p.m. | 3 views

UBUNTU-CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

7.8 CVSS | 6.2 AI score | 0.01065 EPSS
Exploits 4 | References 3

CVE
added 2026/04/15 8:56 p.m. | 16 views

CVE-2026-40261

CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...

8.8 CVSS | 6.2 AI score | 0.01688 EPSS
Exploits 2 | References 6 | Affected Software 1

Vulnrichment
added 2026/04/15 8:56 p.m. | 7 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS | 6.2 AI score | 0.01688 EPSS
Exploits 2 | References 2

ATTACKERKB
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS | 6 AI score | 0.01688 EPSS
Exploits 4 | References 3 | Affected Software 1

AlpineLinux
added 2026/04/15 8:56 p.m. | 3 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS | 6.2 AI score | 0.01688 EPSS
Exploits 2

Cvelist
added 2026/04/15 8:56 p.m. | 19 views

CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS | 0.01688 EPSS
Exploits 2 | References 2

Debian CVE
added 2026/04/15 8:56 p.m. | 4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS | 6.3 AI score | 0.01688 EPSS
Exploits 2

Vulnrichment
added 2026/04/15 8:47 p.m. | 4 views

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

7.8 CVSS | 6.1 AI score | 0.01065 EPSS
Exploits 4 | References 2

ATTACKERKB
added 2026/04/15 8:47 p.m. | 4 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

7.8 CVSS | 6.1 AI score | 0.01065 EPSS
Exploits 4 | References 3 | Affected Software 1

Cvelist
added 2026/04/15 8:47 p.m. | 19 views

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

7.8 CVSS | 0.01065 EPSS
Exploits 4 | References 2

CVE
added 2026/04/15 8:47 p.m. | 24 views

CVE-2026-40176

CVE-2026-40176 affects Composer (PHP dependency manager). The vulnerability lies in Perforce integration: Perforce::generateP4Command() constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without proper escaping, enabling command injection....

7.8 CVSS | 6.3 AI score | 0.01065 EPSS
Exploits 4 | References 6 | Affected Software 1

AlpineLinux
added 2026/04/15 8:47 p.m. | 2 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

7.8 CVSS | 6.3 AI score | 0.01065 EPSS
Exploits 4

Debian CVE
added 2026/04/15 8:47 p.m. | 5 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without...

7.8 CVSS | 6.6 AI score | 0.01065 EPSS
Exploits 4

RedhatCVE
added 2026/04/15 7:24 p.m. | 6 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

8.8 CVSS | 6.1 AI score | 0.02183 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/04/15 7:24 p.m. | 5 views

CVE-2026-23653

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

6.5 CVSS | 5.7 AI score | 0.00739 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/04/15 7:23 p.m. | 7 views

CVE-2026-32183

Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally...

7.8 CVSS | 5.9 AI score | 0.00618 EPSS
Exploits 0 | References 1

EUVD
added 2026/04/15 6:31 p.m. | 4 views

EUVD-2026-22960

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6 CVSS | 5.8 AI score | 0.00533 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/04/15 6:11 p.m. | 7 views

CVE-2026-33414

A flaw was found in Podman, a tool for managing containers. This vulnerability, located in the HyperV machine backend, allows for command injection. An attacker who can manipulate the virtual machine (VM) image path can inject and execute arbitrary PowerShell commands. This could lead to unauthoriz...

8.8 CVSS | 6.3 AI score | 0.00607 EPSS
Exploits 0 | References 5

NVD
added 2026/04/15 5:17 p.m. | 8 views

CVE-2026-20136

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6 CVSS | 0.00533 EPSS
Exploits 0 | References 1