Lucene search
K

49 matches found

EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42899

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-61434

CVE-2026-61434 involves PraisonAI prior to version 4.6.78, where an allowlist bypass in shell command execution enables attackers to abuse find’s built-in -exec, -execdir, and -delete actions. By crafting find commands that use these actions, an attacker can read blocked files, delete files, or r...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: vim (TSSA-2026:0317)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0317 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.3CVSS6.1AI score0.00917EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.15 views

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

7.8CVSS6.2AI score0.00799EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:33 p.m.10 views

OESA-2026-2472 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

7CVSS6.2AI score0.00917EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 12:13 p.m.6 views

SUSE-SU-2026:21859-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS7.5AI score0.00917EPSS
Exploits1References14
OSV
OSV
added 2026/05/28 12:13 p.m.7 views

OPENSUSE-SU-2026:20828-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS6.2AI score0.00917EPSS
Exploits1References13
NVD
NVD
added 2026/05/27 5:16 p.m.18 views

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

7.8CVSS0.00799EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

RayVentory Scan Engine 安全漏洞

RayVentory Scan Engine is a network scanning engine developed by the German company RayVentory, designed for automatically discovering and collecting IT asset information. Version 12.6.4392.49 of the RayVentory Scan Engine contains a security vulnerability. This vulnerability stems from parameter...

7.8CVSS6.1AI score0.00826EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.6 views

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

7.8CVSS6.2AI score0.00799EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.42 views

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

0.00799EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 12:0 a.m.20 views

CVE-2026-38945

Raynet rvia 12.6 Update 8 and earlier versions are affected by a command injection due to improper termination of search criteria in Java-based search using the find command. This allows an adversary with local access to execute arbitrary code via a crafted path. The CVSS base score is 7.8 (HIGH)...

7.8CVSS6.2AI score0.00799EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 1:22 p.m.8 views

OESA-2026-2449 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

6.6CVSS6.2AI score0.00917EPSS
Exploits1References4
NVD
NVD
added 2026/05/08 11:16 p.m.30 views

CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3CVSS0.00917EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Vim 操作系统命令注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0435 contained a vulnerability related to operating system command injection. This vulnerability originated from the OS command injection during the completion of the find command, which...

5.3CVSS6.1AI score0.00917EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/05 1:22 a.m.6 views

CVE-2026-24887

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

8.8CVSS5.6AI score0.00562EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 9:16 p.m.5 views

CVE-2026-24887

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

8.8CVSS0.00562EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 8:50 p.m.2 views

CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS5.7AI score0.00562EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 8:50 p.m.4 views

CVE-2026-24887

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS5.7AI score0.00562EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 8:50 p.m.28 views

CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS0.00562EPSS
Exploits1References1
Rows per page
Query Builder