Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4511

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References1
OSV
OSV
added 2026/02/18 5:39 p.m.5 views

GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

7.6CVSS5.6AI score0.012EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/02/18 5:39 p.m.17 views

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

8CVSS5.6AI score0.012EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/01/29 9:37 p.m.23 views

CVE-2026-25046

The CVE concerns the Kimi Agent SDK, specifically the development scripts vsix-publish.js and ovsx-publish.js, which pass filenames to shell via execSync(). Prior to v0.1.6, filenames containing shell metacharacters (e.g., $(cmd)) could cause arbitrary command execution. It affects development sc...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/12/19 12:0 a.m.28 views

VulnCheck KEV: CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

9.3CVSS6.2AI score0.19976EPSS
In wildExploits4References78
Snyk
Snyk
added 2025/10/02 9:15 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.4AI score0.00541EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/02 9:15 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1CVSS7.4AI score0.00541EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/09/08 7:42 p.m.73 views

@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API

Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...

9.3CVSS8AI score0.01371EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/06/20 8:15 p.m.4 views

CVE-2025-6363

A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack remotely...

9.8CVSS5.7AI score0.00399EPSS
Exploits1References5
NVD
NVD
added 2025/04/15 9:16 p.m.31 views

CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

9.3CVSS0.19976EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.7 views

PT-2023-15101 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered in the software, allowing Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs executed on the server at...

9.8CVSS6.9AI score0.00683EPSS
Exploits0References6
CNVD
CNVD
added 2019/06/13 12:0 a.m.1 views

FusionPBX Operator Panel module cross-site scripting vulnerability (CNVD-2019-40060)

FusionPBX is a scalable, multi-threaded communication platform. The platform can be used as a call center server, fax server, voip server, voicemail server, conference server and voice application server, etc. Operator Panel module is one of the operator panel modules. The platform can be used as...

8.8CVSS6.7AI score0.8748EPSS
Exploits10References1
CNVD
CNVD
added 2016/01/20 12:0 a.m.4 views

PHP 'ext/standard/exec.c' file integer overflow vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. An...

7.5CVSS8.9AI score0.02733EPSS
Exploits1References1
Rows per page
Query Builder