Lucene search

2165 matches found

Source: EUVD (added yesterday)
EUVD-2025-210391
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVSS 8.1 | AI score 6.1 | EPSS 0.00499 | Exploits: 0 | References: 3

Source: NVD (added 2 days ago)
CVE-2025-71371
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVSS 8.1 | EPSS 0.00499 | Exploits: 0 | References: 2

Source: CVE (added 2 days ago)
CVE-2025-71371
CVE-2025-71371 affects picklescan
CVSS 8.1 | AI score 6.1 | EPSS 0.00499 | Exploits: 0 | References: 2

Source: Positive Technologies (added 2 days ago)
PT-2026-54011
Vulnerable software and affected versions: picklescan versions prior to 0.0.29. Description: The software fails to detect malicious pickle files that utilize the code.InteractiveInterpreter.runcode function within reduce methods. This allows attackers to craft pickle payloads that bypass...
CVSS 8.1 | AI score 6.1 | EPSS 0.00499 | Exploits: 0 | References: 4

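The picklescan entries above (EUVD-2025-210391 / CVE-2025-71371 / PT-2026-54011) describe a scanner that missed a global reached through a reduce method. The point for a practitioner is that a pickle scanner must enumerate the module/name pairs the opcode stream would import without ever executing it. The following is an added example written for this page, not picklescan's own code: a small opcode-stream scanner built on the standard library's pickletools, with a constructed denylist that is an assumption of the example (picklescan maintains its own list). The sample payload has the reduce-method shape the advisories describe but carries inert arguments, and the example never calls pickle.load.

```python
import code
import pickle
import pickletools

# Constructed denylist for this example only (picklescan keeps its own, larger list).
UNSAFE_GLOBALS = {
    ("code", "InteractiveInterpreter.runcode"),
    ("builtins", "exec"),
    ("builtins", "eval"),
    ("os", "system"),
    ("subprocess", "Popen"),
}
UNSAFE_MODULES = {"code"}   # nothing in the REPL helper module belongs in a model file

# Opcodes that push a str operand; STACK_GLOBAL consumes the last two of them.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def _check(module, qualname, pos, findings):
    if module in UNSAFE_MODULES or (module, qualname) in UNSAFE_GLOBALS:
        findings.append((module, qualname, pos))


def scan_pickle(data: bytes) -> list:
    """Walk the opcode stream without loading it and return every unsafe
    (module, qualname, offset) that a GLOBAL or STACK_GLOBAL would import."""
    findings = []
    recent = []        # str operands seen so far; STACK_GLOBAL uses the last two
    memo = {}          # memo slot -> str, so names fetched back via *GET are seen too
    last = None        # str pushed by the most recent opcode, if any
    for op, arg, pos in pickletools.genops(data):
        name = op.name
        if name in STRING_OPS:
            recent.append(arg)
            last = arg
        elif name == "MEMOIZE":            # protocol 4 memoizes by running index
            memo[len(memo)] = last
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                recent.append(last)
        elif name == "STACK_GLOBAL":       # module and name are the two strings below it
            if len(recent) >= 2:
                _check(recent[-2], recent[-1], pos, findings)
            last = None
        elif name == "GLOBAL":             # protocols 0-3: "module name" inline
            module, _, qualname = arg.partition(" ")
            _check(module, qualname, pos, findings)
            last = None
        else:
            last = None
    return findings


class _ReduceShape:
    """Shape of the reduce method the advisory describes. The arguments are
    deliberately inert (None has no .locals) and this example never loads the
    result; only the serialized opcode stream is inspected."""
    def __reduce__(self):
        return (code.InteractiveInterpreter.runcode, (None, "pass"))


# Constructed sample inputs.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)
SUSPECT = pickle.dumps(_ReduceShape(), protocol=4)   # STACK_GLOBAL code / InteractiveInterpreter.runcode
LEGACY = pickle.dumps(eval, protocol=3)              # GLOBAL "builtins eval" (older opcode form)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT), ("legacy", LEGACY)):
        print(label, scan_pickle(blob))
```

The scanner reports the dotted qualname exactly as the pickle carries it, so a denylist keyed on bare function names (runcode alone) would miss the InteractiveInterpreter.runcode form; matching on the full (module, qualname) pair, and refusing whole modules that have no business in a serialized model, is the check the advisory implies was missing. Scanning is still only a pre-filter: the only safe loader for untrusted input is one that restricts find_class to an allowlist.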
Source: CVE (added 2026/06/24 5:31 p.m.)
CVE-2026-48721
Warp: The default unsandboxed CLI agent profile uses a command denylist as a safety boundary. From 0.2025.10.08.08.12.stable_00 to 0.2026.05.06.15.42.stable_01, Warp's command output can be influenced by environment-variable prefixes, causing denylisted commands to be treated as allowed. This byp...
CVSS 8.6 | AI score 6 | EPSS 0.00145 | Exploits: 0 | References: 2

Source: Cvelist (added 2026/06/24 5:31 p.m.)
CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution
Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...
CVSS 8.6 | EPSS 0.00145 | Exploits: 0 | References: 2

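The two CVE-2026-48721 entries above describe a denylist that looked at the wrong word: a POSIX shell ignores leading NAME=value assignments when it picks the command to run, so `FOO=1 rm -rf /` still runs rm. The following is an added example written for this page, not Warp's code, showing the naive first-word check beside a hardened one. The denylist and the set of "launderer" programs are constructed assumptions of the example.

```python
import os
import re
import shlex

# Constructed denylist for the example; the product's real list is not on the page.
DENYLIST = {"rm", "dd", "mkfs", "curl", "wget", "shutdown"}
# Programs that execute whatever follows them. A denylist that admits these is
# bypassed by "env rm ...", "sh -c 'rm ...'", "xargs rm" and similar wrappers,
# so the hardened check refuses them outright (constructed set, not exhaustive).
LAUNDERERS = {"env", "sh", "bash", "zsh", "xargs", "eval", "exec", "command",
              "nohup", "time", "sudo"}
# A leading shell variable assignment: NAME=value
ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
# Control operators, pipes, redirections and substitutions: the command line is
# then more than one simple command and a first-word denylist cannot judge it.
COMPOUND = re.compile(r"[;&|`$(){}<>\n]")


def naive_is_allowed(cmdline: str) -> bool:
    """First-word check: the shape the advisory describes as bypassable."""
    try:
        words = shlex.split(cmdline)
    except ValueError:
        return False
    return bool(words) and words[0] not in DENYLIST


def command_word(words):
    """Skip leading NAME=value assignments the way the shell does when it
    resolves the command name."""
    i = 0
    while i < len(words) and ASSIGNMENT.match(words[i]):
        i += 1
    return words[i] if i < len(words) else None


def hardened_is_allowed(cmdline: str) -> bool:
    """Fail closed on anything that is not a single simple command, then judge
    the real command word by its basename."""
    if COMPOUND.search(cmdline):
        return False
    try:
        words = shlex.split(cmdline)
    except ValueError:              # unbalanced quotes
        return False
    word = command_word(words)
    if word is None:                # empty or assignment-only line
        return False
    prog = os.path.basename(word)   # /bin/rm and rm are the same program
    return prog not in DENYLIST and prog not in LAUNDERERS


if __name__ == "__main__":
    for line in ("ls -la", "FOO=1 rm -rf /", "env -i /bin/rm -rf /", "ls; rm -rf /"):
        print(f"{line!r}: naive={naive_is_allowed(line)} hardened={hardened_is_allowed(line)}")
```

Even the hardened form is a denylist, and the advisory's own framing ("a command denylist as a safety boundary") is the real finding: shells offer aliases, functions, interpreters and script files as further ways to reach a forbidden program, so a denylist can only ever narrow an unsandboxed agent's blast radius, not bound it. Sandboxing the agent process is the boundary; the denylist is a convenience layer in front of it.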
Source: AstraLinux (added 2026/06/19 11:10 a.m.)
Astra Linux – Vulnerability in PostgreSQL 11
A flaw was discovered in the psql interactive terminal of PostgreSQL in versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary cod...
CVSS 7.6 | AI score 8 | EPSS 0.02586 | Exploits: 0 | References: 2

Source: NVD (added 2026/06/18 10:16 p.m.)
CVE-2026-47633
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
CVSS 7.5 | EPSS 0.0057 | Exploits: 0 | References: 1

Source: ATTACKERKB (added 2026/06/18 9:37 p.m.)
CVE-2026-47633
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
CVSS 7.5 | AI score 5.2 | EPSS 0.0057 | Exploits: 0 | References: 2

Source: Metasploit (added 2026/06/18 7:01 p.m.)
Unix Command Shell, Bind TCP (via socat)
Creates an interactive shell via socat. Module usage:
msf > use payload/cmd/unix/bind_socat_tcp
msf payload(bind_socat_tcp) > show actions
...actions...
msf payload(bind_socat_tcp) > set ACTION
msf payload(bind_socat_tcp) > show options
...show and set options...
msf payload(bind_socat_tcp) > run
This module requires...
CVSS 9.2 | AI score 5.2 | EPSS 0.26468 | Exploits: 3

Source: Microsoft CVE (added 2026/06/18 2:00 p.m.)
Microsoft Cost Management Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
CVSS 7.5 | AI score 5.8 | EPSS 0.0057 | Exploits: 0

Source: Positive Technologies (added 2026/06/18 12:00 a.m.)
PT-2026-50799
Vulnerable software and affected versions: Cost Management Interactive Experiences, affected versions not specified. Description: Exposure of sensitive information in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
CVSS 7.5 | AI score 5.8 | EPSS 0.0057 | Exploits: 0 | References: 6

Source: GithubExploit (added 2026/06/12 7:21 p.m.)
aetherion
[Description is an ASCII-art banner, truncated: "/\ | | | | | |..."]
CVSS 8.8 | AI score 5.4 | EPSS 0.00541 | Exploits: 12

Source: Vulnrichment (added 2026/06/12 6:24 p.m.)
CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory
During WiFi association, Naxclow device firmware prints the host network's SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...
CVSS 5.1 | AI score 5.3 | EPSS 0.00171 | Exploits: 0 | References: 2

Source: Packet Storm News (added 2026/06/12 12:00 a.m.)
Joern 4.0.557
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
AI score 5.3 | Exploits: 0

Source: EUVD (added 2026/06/11 8:28 p.m.)
EUVD-2026-36129
Russh: Unchecked keyboard-interactive prompt count in client auth path...
CVSS 6.5 | AI score 5.4 | EPSS 0.00232 | Exploits: 0 | References: 2

Source: OSV (added 2026/06/11 8:28 p.m.)
GHSA-G9G7-5CGW-6V28 Russh: Unchecked keyboard-interactive prompt count in client auth path
Summary: In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity... before validating that enough prompt data was actually...
CVSS 6.5 | AI score 5.6 | EPSS 0.00232 | Exploits: 0 | References: 3

Source: Github Security Blog (added 2026/06/11 8:28 p.m.)
Russh: Unchecked keyboard-interactive prompt count in client auth path
Summary: In the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity... before validating that enough prompt data was actually...
CVSS 6.5 | AI score 5.6 | EPSS 0.00232 | Exploits: 0 | References: 3 | Affected software: 1

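The three russh entries above (EUVD-2026-36129 / GHSA-G9G7-5CGW-6V28) are the classic length-before-data bug: a count read off the wire was trusted for an allocation before the parser had confirmed the message contained that many prompts. The following is an added example written for this page, not russh's code, in Python rather than Rust: it builds and parses an SSH_MSG_USERAUTH_INFO_REQUEST with the wire layout from RFC 4256 (message number 60, then name, instruction and language tag as SSH strings, a uint32 num-prompts, and for each prompt an SSH string followed by a one-byte echo flag). The structural check is that every prompt occupies at least five bytes, so a declared count larger than remaining-bytes / 5 cannot be honest and is rejected before any per-prompt work; the max_prompts cap is an assumption of the example.

```python
import struct

SSH_MSG_USERAUTH_INFO_REQUEST = 60
MIN_PROMPT_BYTES = 5          # 4-byte string length + 1-byte echo flag, even for an empty prompt


def _read_uint32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def _read_string(buf, off):
    n, off = _read_uint32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string")
    return bytes(buf[off:off + n]), off + n


def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def build_info_request(name, instruction, prompts, declared_count=None):
    """Serialize a request. declared_count lets a test lie about the count,
    which is what a malicious server does; honest callers leave it None."""
    count = len(prompts) if declared_count is None else declared_count
    body = bytes([SSH_MSG_USERAUTH_INFO_REQUEST])
    body += _string(name) + _string(instruction) + _string(b"")   # empty language tag
    body += struct.pack(">I", count)
    for text, echo in prompts:
        body += _string(text) + bytes([1 if echo else 0])
    return body


def parse_info_request(msg, max_prompts=16):
    """Return (name, instruction, [(prompt, echo), ...]); raise ValueError on
    any message that does not carry the prompts it claims."""
    if not msg or msg[0] != SSH_MSG_USERAUTH_INFO_REQUEST:
        raise ValueError("not a USERAUTH_INFO_REQUEST")
    off = 1
    name, off = _read_string(msg, off)
    instruction, off = _read_string(msg, off)
    _language, off = _read_string(msg, off)
    count, off = _read_uint32(msg, off)
    remaining = len(msg) - off
    # The fix the advisory describes: validate the count against the data that
    # is actually present before sizing anything by it.
    if count > max_prompts or count * MIN_PROMPT_BYTES > remaining:
        raise ValueError(f"prompt count {count} impossible for {remaining} remaining bytes")
    prompts = []
    for _ in range(count):
        text, off = _read_string(msg, off)
        if off >= len(msg):
            raise ValueError("truncated echo flag")
        prompts.append((text.decode("utf-8"), msg[off] != 0))
        off += 1
    if off != len(msg):
        raise ValueError("trailing bytes after last prompt")
    return name.decode("utf-8"), instruction.decode("utf-8"), prompts


def accepts(msg) -> bool:
    try:
        parse_info_request(msg)
        return True
    except ValueError:
        return False


# Constructed sample messages (no real server involved).
BENIGN_REQUEST = build_info_request(b"", b"Second factor", [(b"Code: ", False), (b"Confirm: ", True)])
BOGUS_COUNT_REQUEST = build_info_request(b"", b"", [], declared_count=0xFFFFFFFF)   # count with no data
SHORT_REQUEST = build_info_request(b"", b"", [(b"a", False), (b"b", False)], declared_count=3)

if __name__ == "__main__":
    print(parse_info_request(BENIGN_REQUEST))
    print("bogus accepted:", accepts(BOGUS_COUNT_REQUEST), "short accepted:", accepts(SHORT_REQUEST))
```

In Rust the same rule applies to Vec::with_capacity: derive the reservation from a count that has already been bounded by the bytes on hand, or reserve nothing and let the Vec grow as prompts are actually decoded. A peer-controlled u32 multiplied by an element size is an allocation-size oracle for the attacker either way.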
Source: CVE (added 2026/06/11 8:05 p.m.)
CVE-2026-53807
OpenClaw prior to 2026.5.6 is vulnerable to an authorization bypass in Telegram interactive callbacks via commands.allowFrom. An authenticated user can invoke affected callbacks to bypass allowlist validation and mark themselves as authorized senders, enabling command behavior outside Telegram se...
CVSS 8.8 | AI score 5.5 | EPSS 0.00312 | Exploits: 0 | References: 2 | Affected software: 1

Source: GithubExploit (added 2026/06/11 4:39 a.m.)
claude-code-f002-poc
F002: Supply Chain Attack via Non-Interactive Workspace Trust...
AI score 6 | Exploits: 0