71060 matches found

CNNVD
added 2026/04/15 12:0 a.m., 10 views

Shopping Cart security vulnerability

Shopping Cart is an SSH host connection management tool developed by Thijmen, an individual developer. Version 0.0.2 of Shopping Cart contains a security vulnerability, which stems from command injection in the connect function. This vulnerability could potentially allow for the execution of arbitra...

8.4 CVSS, 6.4 AI score, 0.00558 EPSS
Exploits 0, References 1

CNNVD
added 2026/04/15 12:0 a.m., 9 views

Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector security vulnerability

Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector are both products of the American company Cisco. Cisco Identity Services Engine is an Identity Services Engine (ISE) platform. This platform collects real-time information from networks, users, and devices, and develo...

6 CVSS, 5.9 AI score, 0.00533 EPSS
Exploits 0, References 1

Zero Day Initiative
added 2026/04/15 12:0 a.m., 7 views

Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _mount_nfs_uri function. The issue results from the lack of proper validation ...

8.8 CVSS, 6.1 AI score
Exploits 0, References 1

OSV
added 2026/04/15 12:0 a.m., 6 views

ALSA-2026:8259 Important: vim security update

Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin (CVE-2026-28417); vim: Vim: Denial of service and information disclosure via crafted swap file (CVE-2026-28421); vim: Vim: Arbitrary code...

7.8 CVSS, 6.5 AI score, 0.01162 EPSS
Exploits 0, References 8

Tenable Nessus
added 2026/04/15 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the...

7.8 CVSS, 6.2 AI score, 0.01065 EPSS
Exploits 4, References 3

Tenable Nessus
added 2026/04/15 12:0 a.m., 6 views

Vim < 9.2.0316 Command Injection (GHSA-mr87-rhgv-7pw6)

The version of Vim installed on the remote host is prior to 9.2.0316. It is, therefore, affected by a vulnerability as referenced in the GHSA-mr87-rhgv-7pw6 advisory. - A command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex command...

7.8 CVSS, 6.1 AI score, 0.0062 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/04/15 12:0 a.m., 3 views

Amazon Athena ODBC Driver < 2.0.5.1 Command Injection (Linux)

The version of Amazon Athena ODBC Driver installed on the remote Linux host is prior to 2.0.5.1. It is, therefore, affected by a vulnerability: - OS command injection in the browser-based authentication component might allow a threat actor to execute arbitrary code by using specially crafted...

7.8 CVSS, 6.2 AI score, 0.00727 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/04/15 12:0 a.m., 6 views

Cisco Identity Services Engine (cisco-sa-ise-cmd-inj-5WSJcYJB)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command...

6 CVSS, 5.8 AI score, 0.00533 EPSS
Exploits 0, References 3

Tenable Nessus
added 2026/04/15 12:0 a.m., 5 views

RockyLinux 10 : vim (RLSA-2026:7711)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7711 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin (CVE-2026-28417); vim: Vim: Denial of service and information disclosure vi...

7.8 CVSS, 6.5 AI score, 0.01162 EPSS
Exploits 0, References 7

SUSE CVE
added 2026/04/14 11:30 p.m., 13 views

SUSE CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1 CVSS, 5.8 AI score, 0.0029 EPSS
Exploits 0, References 28

OSV
added 2026/04/14 11:27 p.m., 4 views

GHSA-PQ8P-WC4F-VG7J WWBN AVideo has an incomplete fix for CVE-2026-33502: Command Injection

Summary: The incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the file_get_contents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit...

9.3 CVSS, 6.7 AI score, 0.00442 EPSS
Exploits 2, References 7

GitHub Security Blog
added 2026/04/14 11:27 p.m., 10 views

WWBN AVideo has an incomplete fix for CVE-2026-33502: Command Injection

Summary: The incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the file_get_contents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit...

9.3 CVSS, 6.7 AI score, 0.00442 EPSS
Exploits 2, References 7, Affected Software 1

Snyk
added 2026/04/14 11:27 p.m., 7 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via unsanitized input to the wget function. An attacker can execute arbitrary system commands by supplying crafted input containing shell...

9.3 CVSS, 6 AI score, 0.00335 EPSS
Exploits 1, References 2

NVD
added 2026/04/14 11:16 p.m., 5 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

8.8 CVSS, 0.00607 EPSS
Exploits 0, References 6

OSV
added 2026/04/14 11:16 p.m., 3 views

UBUNTU-CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

8.8 CVSS, 6.1 AI score, 0.00607 EPSS
Exploits 0, References 4

AlpineLinux
added 2026/04/14 10:42 p.m., 3 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

8.8 CVSS, 6.1 AI score, 0.00607 EPSS
Exploits 0

CVE
added 2026/04/14 10:42 p.m., 10 views

CVE-2026-33414

Summary: CVE-2026-33414 affects Podman

8.8 CVSS, 6.1 AI score, 0.00607 EPSS
Exploits 0, References 6, Affected Software 1

Debian CVE
added 2026/04/14 10:42 p.m., 3 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

8.8 CVSS, 6 AI score, 0.00607 EPSS
Exploits 0

Snyk
added 2026/04/14 10:30 p.m., 4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...

8.8 CVSS, 6 AI score, 0.00607 EPSS
Exploits 0, References 2

Snyk
added 2026/04/14 10:30 p.m., 4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...

8.8 CVSS, 6 AI score, 0.00607 EPSS
Exploits 0, References 2