Exploit for OS Command Injection in Devcode Openstamanager
CVE-2025-69212 --- Description OpenSTAManager is a manag...
CVE-2026-54074
Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...
linux-privesc
🐧 Linux Privilege Escalation Toolkit Automated enumeration...
SQLi-PoC
SQLi-PoC — CW... flag extractor A self-contained, sqlma...
Malicious code in test-pkg-yarn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b74339843ee482f3f135dd43e855f1f30758e20857333e0e6153748888769a package.json declares bin: "node": "./shim.js", causing npm/yarn to symlink node in node_modules/.bin and in a system bin dir on global install to a...
CVE-2026-54074 @tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels
Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...
Malicious code in test-pkg-x0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d0014944456f668a25fa484bf7cb5f36a7128d6a585b86d9294d8d49b23049a Package declares scripts.postinstall pointing at shim.js, a script that runs unconditionally on npm install. shim.js branches on uname -s...
EUVD-2026-38009
Rancher vulnerable to command injection through unsanitized YAML parameter...
unified-bb-suite
Unified BB Suite — Combined Workflow Two work...
CVE-2026-58457
Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilterconf handler in the commuos web backend. Attackers...
CVE-2026-54908
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...
CVE-2026-14363
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9, 1.44.6, 1.45.4...
Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager
OpenSTAManager RCE Exploit CVE-2026-38751 Overview This...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Exploit for OS Command Injection in Devcode Openstamanager
CVE-2025-69212 - OpenSTAManager OS Command Injection PoC U...
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster...