Lucene search
K

301 matches found

Nuclei
Nuclei
added yesterday92 views

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

9.9CVSS6.9AI score0.79064EPSS
Exploits4References5
CVE
CVE
added 3 days ago25 views

CVE-2026-61447

PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...

10CVSS6.7AI score0.00544EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.30 views

CVE-2025-71380

CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 1:13 p.m.10 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.6AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 6:40 p.m.11 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 6:29 p.m.11 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.27 views

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/14 2:21 a.m.10 views

CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/13 7:16 p.m.8 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the yield iterator inside an async generator. An attacker can execute arbitrary commands on the host...

10CVSS6AI score0.00568EPSS
Exploits1References2
OSV
OSV
added 2026/05/08 4:20 p.m.24 views

GHSA-9VG3-4RFJ-WGCM vm2 has Sandbox Breakout Through Null Proto Exception

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details In handleException due to // SECURITY post-GHSA-mpf8 hardening: use from not ensureThis exceptions with a...

9.8CVSS6.4AI score0.00812EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Incus 安全漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of disk space exhaustion due to the upload of large amounts of data, which could affect the host system...

4.3CVSS5.8AI score0.00333EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 4:33 p.m.6 views

GHSA-V37H-5MFM-C47C VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/05/05 11:57 a.m.7 views

CVE-2026-24781

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the inspect function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity a...

9.8CVSS6.3AI score0.01186EPSS
Exploits1References8
CNVD
CNVD
added 2026/04/24 12:0 a.m.6 views

OpenClaw Remote Code Execution Vulnerability (CNVD-2026-18601)

OpenClaw is a software platform for device pairing and node management, with key features including device authentication, node-wide gateway control, and remote command execution. OpenClaw suffers from a remote code execution vulnerability that stems from a device pairing node failing to properly...

8.8CVSS7AI score0.00544EPSS
Exploits0
CVE
CVE
added 2026/04/23 9:58 p.m.25 views

CVE-2026-41352

OpenClaw is affected prior to version 2026.3.31. The issue is a remote code execution where a device-paired node can bypass the node scope gate authentication, allowing attackers with device pairing credentials to execute arbitrary node commands on the host without proper validation. CVSS-based i...

8.8CVSS6.7AI score0.00544EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/22 12:31 a.m.7 views

EUVD-2026-24517

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:44 p.m.2 views

CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/04/21 9:44 p.m.37 views

CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

8.1CVSS0.00475EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-34195

Name of the Vulnerable Software and Affected Versions Hermes WebUI affected versions not specified Description An arbitrary file deletion issue exists in the '/api/session/delete' endpoint. Authenticated attackers can delete files outside the session directory by providing an absolute path or pat...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/04/08 9:20 a.m.5 views

CVE-2026-34079

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS6AI score0.00323EPSS
Exploits0References4
Rows per page
Query Builder