
19 matches found

Packet Storm News
added 2026/06/01 12:0 a.m., 27 views

Espanso 2.3.0 Configuration Security Auditor

This Python script implements a security auditing tool for Espanso configuration files. The EspansoSecurityAuditor class scans Espanso match configurations for potentially dangerous shell commands, insecure permissions, and suspicious execution patterns that could indicate malicious automation or...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/05/24 11:29 a.m., 87 views

AI-Code-Vulnerability-Scanner

AI-Code-Vulnerability-Scanner The AI Code Vulnerability Scanne...

6 AI score
Exploits: 0
EUVD
added 2026/04/17 9:31 a.m., 4 views

EUVD-2026-23400

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

5.3 CVSS, 5.8 AI score, 0.00314 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/31 12:0 a.m., 3 views

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

6 AI score, 0.00512 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2026/03/05 12:35 a.m., 15 views

zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with arguments in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

6 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/03/05 12:35 a.m., 2 views

GHSA-HHJV-JQ77-CMVX zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with arguments in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

7.5 CVSS, 6 AI score
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-1999-0080

Malware in sbrugna...

10 CVSS, 6.4 AI score, 0.03896 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 9:4 a.m., 5 views

CVE-2024-35222

Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. Valid commands with potentially...

5.9 CVSS, 7 AI score, 0.00349 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/12/10 11:16 a.m., 5 views

Malicious code in keycloak-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3df989aa26dccceca3917c9b3454427df4f54e9c104fbc080e913d30af3e66b2 The OpenSSF Package Analysis project identified 'keycloak-server' @ 0.0.2 npm as malicious. It is considered malicious because: - The package...

7.2 AI score
Exploits: 0
CNNVD
added 2024/07/01 12:0 a.m., 6 views

Splunk Cloud Platform and Splunk Enterprise Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines and cloud. A securit...

6.3 CVSS, 6.9 AI score, 0.00393 EPSS
Exploits: 0, References: 4
NVD
added 2023/03/16 5:15 p.m., 24 views

CVE-2023-28110

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

9.9 CVSS, 6.7 AI score, 0.00848 EPSS
Exploits: 1, References: 2
OSV
added 2023/03/16 4:18 p.m., 23 views

CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

5.7 CVSS, 9 AI score, 0.00848 EPSS
Exploits: 1, References: 4
NVD
added 2021/07/12 12:15 p.m., 22 views

CVE-2021-35064

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...

10 CVSS, 0.70753 EPSS
Exploits: 5, References: 2
Cvelist
added 2021/07/12 11:9 a.m., 25 views

CVE-2021-35064

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...

10 AI score, 0.70753 EPSS
Exploits: 5, References: 2
ATTACKERKB
added 2021/07/12 12:0 a.m., 124 views

CVE-2021-35064

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. Recent assessments: Assessed Attacker Value: 0...

10 CVSS, 5.4 AI score, 0.70753 EPSS
In wild, Exploits: 5, References: 3
Positive Technologies
added 2021/07/12 12:0 a.m., 4 views

PT-2021-20822

Name of the Vulnerable Software and Affected Versions KramerAV VIAWare affected versions not specified Description The software allows for privilege escalation due to improper sudo configuration. The sudoers file permits the execution of multiple dangerous commands, including unzip, systemctl, an...

10 CVSS, 9.8 AI score, 0.70753 EPSS
Exploits: 5, References: 7
NVD
added 2017/07/06 12:29 a.m., 14 views

CVE-2017-6712

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...

9 CVSS, 8.7 AI score, 0.02046 EPSS
Exploits: 0, References: 2
Cvelist
added 1999/09/29 4:0 a.m., 15 views

CVE-1999-0080

Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...

6.5 AI score, 0.03896 EPSS
Exploits: 0, References: 1
NVD
added 1995/11/30 5:0 a.m., 8 views

CVE-1999-0080

Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...

10 CVSS, 0.03896 EPSS
Exploits: 0, References: 1