Lucene search
+L

8100 matches found

CVE
CVE
added 2 days ago15 views

CVE-2026-9494

An information disclosure vulnerability in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) allows the secret bearer token to be exposed in a cleartext URL when /usr/lib/apt/apt-helper uses the download-file command. The token is embedded in the URL passed via argv (e.g., bearer:@esm...

5.5CVSS6.1AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...

7.5CVSS0.00357EPSS
Exploits0References4
CVE
CVE
added 3 days ago38 views

CVE-2026-49353

Summary (CVE-2026-49353): 9Router before 0.4.46 has a local‑only access gate in src/dashboardGuard.js that relies on Host and Origin headers to classify requests as local. In proxied/tunneled deployments (reverse proxy, Cloudflare Tunnel, Tailscale), these headers are attacker‑controlled, enablin...

7.5CVSS6.1AI score0.00357EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-62392 Apache Kylin: OS Command Injection via Async Query API

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...

0.01828EPSS
Exploits0References1
Fedora
Fedora
added 6 days ago11 views

[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43

UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/10 7:17 p.m.11 views

CVE-2026-5801

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS0.00404EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 6:7 p.m.7 views

EUVD-2026-42972

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 6:7 p.m.16 views

CVE-2026-5801

SEM-PMP (Semtek Informatics Software Consulting Trade Ltd. Co.) is affected by CVE-2026-5801 due to improper neutralization of special elements in SQL commands, enabling SQL injection that can lead to Command Line Execution. The vulnerability is rated CVSS v3.1 base score 9.8 (CRITICAL) with netw...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 6:7 p.m.37 views

CVE-2026-5801 SQLi in Semtek Informatics' SEM-PMP

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 5:59 p.m.38 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS0.00207EPSS
Exploits1References3
NVD
NVD
added 2026/07/10 4:16 p.m.6 views

CVE-2026-54000

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS0.00108EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 2:51 p.m.7 views

EUVD-2026-42919

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:56 p.m.5 views

CVE-2026-0286

A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...

8.5CVSS6.2AI score0.014EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.4 views

openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw

A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP SSH File Transfer Protocol connections, potentially leading ...

5.4CVSS6AI score0.00177EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/09 12:38 p.m.5 views

Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.2

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

8CVSS7.1AI score0.0032EPSS
Exploits0References4
NVD
NVD
added 2026/07/09 8:16 a.m.8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 7:16 a.m.8 views

CVE-2026-47828

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 6:25 a.m.9 views

EUVD-2026-42515

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...

8.3CVSS7.4AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 6:7 a.m.7 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 6:7 a.m.16 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder