Lucene search
K

8008 matches found

Redos
Redos
added 2026/05/24 12:0 a.m.13 views

ROS-20260524-73-0045

A vulnerability in the Jenkins Automation Server built-in command line interface CLI is related to the dependency of critical actions on reverse DNS resolution. Exploitation of the vulnerability could allow a remote attacker to realize a CSWSH Cross-Site WebSocket Hijacking attack...

7.5CVSS6.1AI score0.00297EPSS
Exploits0
OSV
OSV
added 2026/05/23 11:3 p.m.10 views

MAL-2026-4630 Malicious code in openprompt-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2 On every npm install, openprompt-lang's postinstall hook scripts/postinstall.js:83 executes npm install -g @opencode/cli 2/dev/null || curl -fsSL...

5.4AI score
Exploits0References11
NVD
NVD
added 2026/05/23 7:16 p.m.12 views

CVE-2018-25356

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS0.00162EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.12 views

CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25356

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/23 6:30 p.m.12 views

EUVD-2018-21877

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.16 views

CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS0.00162EPSS
Exploits0References4
CVE
CVE
added 2026/05/23 6:30 p.m.31 views

CVE-2018-25356

The CVE applies to SIPp 3.6 and earlier, where a local buffer overflow exists in command-line argument handling. The underlying issue is a strcpy overflow in sipp.cpp caused by oversized input to -3pcc, -i, or -log_file parameters. This can allow a local attacker to crash SIPp or potentially exec...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/05/23 4:35 p.m.28 views

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/23 4:3 p.m.82 views

wpsecscan

WPSecScan !testshttps://github.com/bryanflowers/wpsecscan...

6.1AI score
Exploits0
Veracode
Veracode
added 2026/05/23 5:11 a.m.15 views

Remote Code Execution (RCE)

9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...

6.1AI score0.00147EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

SIPp 安全漏洞

SIPp is an open-source SIP protocol testing tool and traffic generator developed by SIPp. Versions of SIPp 3.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from local buffer overflows in the handling of command-line parameters, which could allow local attackers to...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/22 10:20 p.m.106 views

cve-researcher

cve-researcher AI-powered CVE research in your terminal —...

10CVSS7.2AI score0.99999EPSS
Exploits348
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:32 p.m.7 views

CVE-2026-6406

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

8.8CVSS7.3AI score0.00211EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/22 4:38 p.m.11 views

EUVD-2026-31471

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

8.4CVSS6.1AI score0.00119EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/22 4:38 p.m.15 views

CVE-2026-9255 Tool Execution Without Authorization via Piped Stdin in Kiro CLI

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

8.4CVSS0.00119EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/22 1:16 p.m.15 views

USN-8295-1: Evince vulnerability

It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...

8.4CVSS6.1AI score0.00529EPSS
Exploits0
OSV
OSV
added 2026/05/22 1:16 p.m.11 views

USN-8295-1 evince vulnerability

It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...

8.4CVSS6.1AI score0.00529EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 11:16 a.m.11 views

Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
OSV
OSV
added 2026/05/22 6:25 a.m.6 views

MAL-2026-4497 Malicious code in bingocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78f3d873e7c4d16629263bb242a2636f18747d5dd096b614fb3cf43a56d2dc8e The package declares bin.claude pointing at bin/claude-win.cjs and bin/claude on Linux/macOS. After npm i -g bingocode, the claude command on PATH is...

5.5AI score
Exploits0References2
Rows per page
Query Builder