71058 matches found

Vulnrichment
added 2026/04/15 4:11 p.m. | 3 views

CVE-2026-20136 Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6 CVSS | 5.8 AI score | 0.00533 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/15 4:11 p.m. | 4 views

CVE-2026-20136

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6 CVSS | 5.8 AI score | 0.00533 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cisco
added 2026/04/15 4:00 p.m. | 13 views

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6 CVSS | 5.8 AI score | 0.00533 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/15 3:31 p.m. | 4 views

EUVD-2024-55543

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...

8.4 CVSS | 6.6 AI score | 0.00558 EPSS
Exploits: 0 | References: 3

OSV
added 2026/04/15 3:31 p.m. | 5 views

GHSA-GGMW-MJHV-75RM NietThijmen ShoppingCart: Command injection in the connect function

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...

8.4 CVSS | 6.6 AI score | 0.00558 EPSS
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/04/15 3:31 p.m. | 11 views

NietThijmen ShoppingCart: Command injection in the connect function

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...

8.4 CVSS | 6.6 AI score | 0.00558 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/04/15 3:16 p.m. | 3 views

CVE-2024-53412

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field...

8.4 CVSS | 0.00558 EPSS
Exploits: 0 | References: 2

SUSE Linux
added 2026/04/15 12:26 p.m. | 6 views

Security update for vim

This update for vim fixes the following issues: Update to version 9.2.0280. CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead to...

9.3 CVSS | 6.4 AI score | 0.00834 EPSS
Exploits: 0 | References: 12

OSV
added 2026/04/15 12:26 p.m. | 6 views

SUSE-SU-2026:1347-1 Security update for vim

This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). - CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead...

9.2 CVSS | 6.4 AI score | 0.00834 EPSS
Exploits: 0 | References: 7

NCSC
added 2026/04/15 12:23 p.m. | 8 views

Vulnerabilities in Fortinet FortiSandbox

Fortinet has identified several vulnerabilities in FortiSandbox, including those in on-premises versions and FortiSandbox Cloud. Two of these vulnerabilities are classified as critical by Fortinet. Malicious actors can exploit these vulnerabilities through CVE-2026-39813 and CVE-2026-39808. In...

9.8 CVSS | 6 AI score | 0.48668 EPSS
Exploits: 7 | References: 5

OSV
added 2026/04/15 8:17 a.m. | 4 views

OPENSUSE-SU-2026:20540-1 Security update for vim

This update for vim fixes the following issues: - CVE-2026-33412: command injection via newline in glob (bsc#1259985). - CVE-2026-34714: crafted file can allow code execution (bsc#1261191). - CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271)...

9.2 CVSS | 6.2 AI score | 0.00834 EPSS
Exploits: 0 | References: 6

OSV
added 2026/04/15 8:14 a.m. | 4 views

SUSE-SU-2026:21134-1 Security update for vim

This update for vim fixes the following issues: - CVE-2026-33412: command injection via newline in glob (bsc#1259985). - CVE-2026-34714: crafted file can allow code execution (bsc#1261191). - CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271)...

9.2 CVSS | 6.2 AI score | 0.00834 EPSS
Exploits: 0 | References: 7

OSV
added 2026/04/15 8:14 a.m. | 6 views

SUSE-SU-2026:21197-1 Security update for vim

This update for vim fixes the following issues: - CVE-2026-33412: command injection via newline in glob (bsc#1259985). - CVE-2026-34714: crafted file can allow code execution (bsc#1261191). - CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271)...

9.2 CVSS | 6.2 AI score | 0.00834 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/15 7:35 a.m. | 5 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3 CVSS | 6.3 AI score | 0.00834 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2026/04/15 7:35 a.m. | 3 views

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

7.8 CVSS | 6.3 AI score | 0.01162 EPSS
Exploits: 0 | References: 7

NVD
added 2026/04/15 4:17 a.m. | 6 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4 CVSS | 0.01184 EPSS
Exploits: 1 | References: 4

NVD
added 2026/04/15 4:17 a.m. | 7 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3 CVSS | 0.00258 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/15 4:17 a.m. | 3 views

UBUNTU-CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4 CVSS | 6.1 AI score | 0.01184 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2026/04/15 2:05 a.m. | 3 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4 CVSS | 6.1 AI score | 0.01184 EPSS
Exploits: 1 | References: 7

Debian CVE
added 2026/04/15 2:05 a.m. | 5 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4 CVSS | 5.8 AI score | 0.01184 EPSS
Exploits: 1