Lucene search
K

65 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/22 9:39 p.m.4 views

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS6AI score0.00471EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/01/22 9:39 p.m.34 views

CVE-2026-23953

Incus CVE-2026-23953 affects versions 6.20.0 and earlier. A user able to launch a container with a crafted YAML can inject newlines via an environment variable, enabling additional lxc.conf items and potentially arbitrary command execution on the host. Exploitation requires modifying the payload ...

8.7CVSS6AI score0.00471EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 9:39 p.m.2 views

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS6.1AI score0.00471EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/22 9:39 p.m.16 views

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS0.00471EPSS
Exploits1References4
OSV
OSV
added 2026/01/22 9:39 p.m.4 views

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS6.1AI score0.00471EPSS
Exploits1References6
OSV
OSV
added 2026/01/22 8:26 p.m.4 views

GHSA-7F67-CRQM-JGH7 Incus container image templating arbitrary host file read and write

Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...

8.7CVSS6.3AI score0.00731EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML...

8.7CVSS6.1AI score0.00471EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25595

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00543EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/08/25 11:31 p.m.3 views

SUSE CVE-2025-29366

In mupen64plus v2.6.0 there is an array overflow vulnerability in the writerdramregs and writerdramregs functions, which enables executing arbitrary commands on the host machine...

9.8CVSS7.5AI score0.00543EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.5 views

CVE-2025-29366

An array overflow vulnerability has been discovered in Mupen64Plus, where out-of-bounds writes can overwrite function pointers in the host machine’s memory. This flaw enables a maliciously crafted input to escape the virtualized environment and achieve arbitrary command execution on the host syst...

9.8CVSS7.3AI score0.00543EPSS
Exploits0References2
OSV
OSV
added 2025/08/22 4:15 p.m.4 views

UBUNTU-CVE-2025-29366

In mupen64plus v2.6.0 there is an array overflow vulnerability in the writerdramregs and writerdramregs functions, which enables executing arbitrary commands on the host machine...

9.8CVSS6AI score0.00543EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.5 views

CVE-2021-20037

SonicWall Global VPN Client 4.10.5 installer 32-bit and 64-bit incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier...

7.8CVSS7.3AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

Osmedeus Core Engine 安全漏洞

Osmedeus Core Engine is a workflow engine for offensive security by the individual developer Ai Ho. A security vulnerability exists in Osmedeus Core Engine version 4.6.4 and earlier, which stems from improper file content filtering and is vulnerable to cross-site scripting attacks, and may also...

8.7CVSS6.1AI score0.0044EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.5 views

PT-2023-13353 · Rws · Rws Worldserver

Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered in RWS WorldServer where the /clientLogin endpoint deserializes Java objects without authentication, leading to command execution on the host. Recommendations: For...

9.8CVSS7.6AI score0.01455EPSS
Exploits1References6
OSV
OSV
added 2023/09/11 7:15 p.m.4 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.2CVSS5.9AI score0.11634EPSS
Exploits1References1
OSV
OSV
added 2023/07/01 12:15 a.m.2 views

CVE-2023-28365

A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

9.1CVSS5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

Elastic Kibana 代码注入漏洞

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.0.0 through 8.7.0. An attacker could explo...

8.8CVSS8.4AI score0.00603EPSS
Exploits0References3
OSV
OSV
added 2022/07/01 3:15 p.m.4 views

CVE-2022-2253

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server...

9.1CVSS5.9AI score0.01122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.4 views

PT-2022-2711 · Cisco · Cisco Iox +2

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operati...

7.2CVSS6.5AI score0.01043EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/01/13 12:0 a.m.5 views

Ansible-Runner 操作系统命令注入漏洞

Ansible-Runner is an open source tool and Python library from Ansible, Inc. It is used to provide assistance when interacting directly with Ansible or as part of another system. Ansible-Runner suffers from an operating system command injection vulnerability that stems from incorrect input...

7.8CVSS7.6AI score0.0031EPSS
Exploits0References8
Rows per page
Query Builder