Lucene search
K

52072 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago3 views

Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afb272eb6208527c57abc9ef604a3776dfdca057e5c9b16e524aa4703df623b4 The OpenSSF Package Analysis project identified 'easy-string-kit' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...

5.9AI score
Exploits0
CVE
CVE
added 4 hours ago4 views

CVE-2026-53170

CVE-2026-53170 – Linux kernel (accel/ethosu) : Concrete details show a vulnerability where DMA commands could run with uninitialized length. The issue stems from cmd_state_init() initializing dma->len to U64_MAX and the only setter being NPU_SET_DMA0_LEN; if userspace omits this, dma_start lea...

5.9AI score
Exploits0References2
Nuclei
Nuclei
added 7 hours ago27 views

Hotel Druid 3.0.2 - Cross-Site Scripting

Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands. id: CVE-2021-37833 info: name: Hotel Druid 3.0.2 - Cross-Site Scripting author: pikpikcu,s4e-io severity: medium description: Hotel Druid 3.0.2 contains a...

6.1CVSS6.5AI score0.04878EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago34 views

Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. id: CVE-2020-35713 info: name: Belkin Linksys RE6500 1.0.012.001 - Remote Command Execution author: gy741 severity:...

10CVSS7.7AI score0.32704EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago6 views

Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

9.8CVSS6.7AI score0.03135EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago24 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.29451EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago31 views

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS6.9AI score0.29157EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago62 views

Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

9.8CVSS7.1AI score0.14003EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago22 views

DATAGERRY - REST API Auth Bypass

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. id: CVE-2024-46627 info: name: DATAGERRY - REST API Auth Bypass author: gy741 severity: critical description: | Incorrect access control in BECN DATAGERRY v2.2 allows attackers...

9.1CVSS6.2AI score0.03924EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago47 views

Traccar - Unrestricted File Upload

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...

8.5CVSS7.7AI score0.54413EPSS
Exploits9References3
Nuclei
Nuclei
added 7 hours ago29 views

TurboMeeting - Post-Authentication Command Injection

The Certificate Signing Request CSR feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...

7.2CVSS6.2AI score0.03216EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 10 hours ago6 views

CVE-2026-44168

A flaw was found in MariaDB. During a State Snapshot Transfer SST, the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a...

8CVSS6.2AI score0.00381EPSS
Exploits0References5
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-39163

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score
Exploits0References1
CVE
CVE
added 11 hours ago5 views

CVE-2026-8592

The CVE-2026-8592 entry describes an OS Command Injection in the process_string action of the Rapid7 InsightConnect AWK Plugin on Linux, caused by unsafe shell command construction in the processing pipeline. The vulnerability could allow remote attackers to execute arbitrary OS commands via the ...

7.7CVSS6.3AI score
Exploits0References1
Nuclei
Nuclei
added 11 hours ago135 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.9AI score0.84845EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago43 views

TerraMaster TOS - Unauthenticated Remote Command Execution

TerraMaster TOS = 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. id: CVE-2020-28188 info: name: TerraMaster TOS - Unauthenticated Remote Command Execution...

10CVSS8.2AI score0.96598EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago71 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.7AI score0.83284EPSS
Exploits24References5
Nuclei
Nuclei
added 11 hours ago70 views

Moodle - Remote Code Execution

Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system. id: CVE-2024-43425 info: name: Moodle - Remote Code Execution author:...

8.1CVSS7.6AI score0.83343EPSS
Exploits8References4
Nuclei
Nuclei
added 11 hours ago50 views

TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

9.8CVSS6.3AI score0.40874EPSS
Exploits1References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-8663 OS Command Injection in Rapid7 InsightConnect RPM Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction...

6CVSS
Exploits0References1
Rows per page
Query Builder