Lucene search
K

234 matches found

NVD
NVD
added 2026/05/12 2:17 p.m.24 views

CVE-2026-35071

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...

8.2CVSS0.0046EPSS
Exploits0References1
OSV
OSV
added 2026/04/27 8:35 p.m.12 views

JLSEC-2026-281 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...

9.2CVSS6.2AI score0.09199EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/04/24 1:22 p.m.8 views

CVE-2026-6349

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

9.8CVSS5.6AI score0.02144EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 12:16 a.m.9 views

DEBIAN-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2References1
NVD
NVD
added 2026/04/23 12:16 a.m.11 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS0.09199EPSS
Exploits2References10
Cvelist
Cvelist
added 2026/04/23 12:3 a.m.40 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS0.09199EPSS
Exploits2References7
Vulnrichment
Vulnrichment
added 2026/04/23 12:3 a.m.8 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.5AI score0.09199EPSS
Exploits2References7
Snyk
Snyk
added 2026/04/23 12:3 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
CVE
CVE
added 2026/04/23 12:3 a.m.39 views

CVE-2026-41179

CVE-2026-41179 affects rclone before 1.73.5 where the RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. This allows an unauthenticated attacker to instantiate an attacker-controlled backend via rc.GetFs(...) and trigger WebDAV bearer_token_com...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References10Affected Software1
Debian CVE
Debian CVE
added 2026/04/23 12:3 a.m.4 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
AlpineLinux
AlpineLinux
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
EUVD
EUVD
added 2026/04/22 2:45 p.m.8 views

EUVD-2026-25144

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution...

9.2CVSS5.9AI score0.09199EPSS
Exploits2References4
OSV
OSV
added 2026/04/22 2:45 p.m.7 views

GHSA-JFWF-28XR-XW6Q RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...

9.8CVSS6.1AI score0.09199EPSS
Exploits2References9
Cvelist
Cvelist
added 2026/04/17 10:57 a.m.28 views

CVE-2026-35074

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker...

6.7CVSS0.00571EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 2:24 a.m.10 views

CVE-2026-6349

CVE-2026-6349 affects HGiga’s iSherlock. The connected records report an OS Command Injection vulnerability that enables unauthenticated attackers to inject and execute arbitrary OS commands on the server. The CVSS metadata indicates a critical impact (base score 10.0) with network access, low at...

9.8CVSS6AI score0.02144EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 12:4 a.m.23 views

SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh

Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...

6.1AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.6 views

Juniper Junos OS Vulnerability (JSA107872)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107872 advisory. - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific...

8.8CVSS6AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 6:58 p.m.23 views

CVE-2026-35020

...

0.00114EPSS
Exploits0
NVD
NVD
added 2026/03/18 2:16 a.m.5 views

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

8.8CVSS0.00406EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 9:52 p.m.5 views

GHSA-VFFC-F7R7-RX2W OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

8.6CVSS6.3AI score0.01075EPSS
Exploits1References5
Rows per page
Query Builder