Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Nuclei
Nucleiadded yesterday4 views

RClone RC - Command Injection

Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...

9.8CVSS6AI score0.06827EPSS
Exploits1References2
Amazon
Amazonadded 2026/05/14 12:0 a.m.6 views

Important: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in versio...

9.8CVSS5.9AI score0.26321EPSS
Exploits2
SUSE CVE
SUSE CVEadded 2026/04/24 1:28 a.m.1 views

SUSE CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.9AI score0.06827EPSS
Exploits1References3
Snyk
Snykadded 2026/04/23 12:3 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...

9.8CVSS5.9AI score0.06827EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/23 12:3 a.m.4 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.5AI score0.06827EPSS
Exploits1References7
CNNVD
CNNVDadded 2026/04/23 12:0 a.m.4 views

Rclone 操作系统命令注入漏洞

Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports synchronization with various cloud storages, including Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud...

9.8CVSS5.9AI score0.06827EPSS
Exploits1References2
Rows per page
Query Builder