23 matches found

CVE
added 2026/05/08 10:55 p.m., 10 views

CVE-2026-42453

Termix is affected by a command injection in the file-manager.ts endpoints extractArchive and compressFiles due to the use of double-quoted strings for shell construction, enabling $(command) substitution on the remote SSH host. This vulnerability (CVE-2026-42453) can lead to arbitrary command ex...

CVSS 8.7, AI score 5.8, EPSS 0.00339
Exploits: 0, References: 2

Positive Technologies
added 2026/04/01 12:0 a.m., 2 views

PT-2026-29670

Summary: The sanitization pipeline for FAQ content is:
1. Filter::filterVar($input, FILTER_SANITIZE_SPECIAL_CHARS) — encodes , ", ', & to HTML entities
2. html_entity_decode($input, ENT_QUOTES | ENT_HTML5) — decodes entities back to characters
3. Filter::removeAttributes($input) — removes dangerous HTML...

CVSS 6.1, AI score 5.9, EPSS 0.00051
Exploits: 1, References: 5

OSV
added 2026/03/05 10:16 p.m., 0 views

CVE-2026-28470

OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

CVSS 8.1, AI score 6.1
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/05 9:59 p.m., 2 views

CVE-2026-28470

OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

CVSS 9.8, AI score 6.2, EPSS 0.00104
Exploits: 0, References: 4

Positive Technologies
added 2026/02/17 12:0 a.m., 4 views

PT-2026-23545

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.2. Description: The software contains a flaw in its exec approvals allowlist, which can be bypassed when command substitution syntax is used. Specifically, attackers can execute arbitrary commands by injecting...

CVSS 9.8, AI score 6, EPSS 0.00104
Exploits: 0, References: 11

Packet Storm
added 2026/01/07 12:0 a.m., 104 views

mrrb.bg Cross Site Scripting

The site at mrrb.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: mrrb.bg-APP - XSS-Reflected; Author: nu11secur1ty; Date: 01/06/2026; Vendor: mrrb.bg; Software: mrrb.bg...

AI score 6.4
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3243

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.8, EPSS 0.07798
Exploits: 0, References: 17

OSV
added 2024/04/11 11:2 p.m., 8 views

USN-6730-1 maven-shared-utils vulnerability

It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...

CVSS 9.8, AI score 7.3, EPSS 0.00255
Exploits: 0, References: 2

SUSE CVE
added 2023/02/15 3:58 a.m., 3 views

SUSE CVE-2020-13625

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message...

CVSS 7.5, AI score 6.9, EPSS 0.04933
Exploits: 1, References: 5

Veracode
added 2022/05/24 6:21 a.m., 33 views

OS Command Injection

maven-shared-utils is vulnerable to OS command injection. The vulnerability exists due to the use of double-quoted strings without proper escaping which allows an attacker to execute shell commands...

CVSS 9.8, AI score 9.5, EPSS 0.00255
Exploits: 0, References: 8, Affected Software: 2

OSV
added 2022/05/13 1:11 a.m., 0 views

GHSA-8VHQ-QQ4P-GRQ3 OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8, AI score 6.9, EPSS 0.07798
Exploits: 0, References: 17

CNVD
added 2022/04/28 12:0 a.m., 32 views

Apache Maven Command Injection Vulnerability

Apache Maven, an application from the Apache USA Foundation, is a software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

CVSS 9.8, AI score 9.9, EPSS 0.00255
Exploits: 0, References: 1

CNNVD
added 2022/04/26 12:0 a.m., 2 views

Apache Maven Command Injection Vulnerability

Apache Maven, an application from the Apache USA Foundation, is a software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

CVSS 9.8, AI score 6.3, EPSS 0.00255
Exploits: 0, References: 35

OSV
added 2021/12/26 3:15 p.m., 2 views

CVE-2021-44598

Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system by using the XSS-reflecte...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 1, References: 1

Veracode
added 2020/10/15 4:21 a.m., 9 views

OS Command Injection

maven-shared-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS via the Commandline class due to insecure validation and escaping of double-quoted strings...

AI score 3.9
Exploits: 0

RedHat Linux
added 2018/05/03 7:4 p.m., 0 views

plexus-utils: Mishandled strings in Commandline class allow for command injection

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8, AI score 5.8, EPSS 0.07798
Exploits: 0, References: 4

Prion
added 2018/01/03 8:29 p.m., 23 views

Command injection

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 7.5, AI score 9.5, EPSS 0.07798
Exploits: 0, References: 11, Affected Software: 2

NVD
added 2018/01/03 8:29 p.m., 19 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8, AI score 9.7, EPSS 0.07798
Exploits: 0, References: 11

OSV
added 2018/01/03 8:29 p.m., 24 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8, AI score 9.9
Exploits: 0, References: 11

UbuntuCve
added 2018/01/03 8:29 p.m., 33 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8, AI score 6.9, EPSS 0.07798
Exploits: 0, References: 3