Lucene search
K

423 matches found

OSV
OSV
added 2026/04/27 8:35 p.m.11 views

JLSEC-2026-281 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...

9.2CVSS6.2AI score0.09199EPSS
Exploits2References5
NVD
NVD
added 2026/04/26 1:16 p.m.9 views

CVE-2026-7039

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS0.00653EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.11 views

Context Sync 命令注入漏洞

Context Sync is a local-first project memory tool developed by Mamba Personal Developer, based on MCP. Versions of Context Sync 2.0.0 and earlier had a command injection vulnerability, which originated from the os command injection present in the src/git-integration.ts file within the Git...

7.5CVSS7.1AI score0.01368EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.12 views

PT-2026-35222

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS5.1AI score0.00653EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/24 1:22 p.m.8 views

CVE-2026-6349

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

9.8CVSS5.6AI score0.02144EPSS
Exploits0References1
OSV
OSV
added 2026/04/23 12:16 a.m.9 views

DEBIAN-CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2References1
NVD
NVD
added 2026/04/23 12:16 a.m.10 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS0.09199EPSS
Exploits2References10
AlpineLinux
AlpineLinux
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
Cvelist
Cvelist
added 2026/04/23 12:3 a.m.39 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS0.09199EPSS
Exploits2References7
Debian CVE
Debian CVE
added 2026/04/23 12:3 a.m.4 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/04/23 12:3 a.m.8 views

CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.5AI score0.09199EPSS
Exploits2References7
Snyk
Snyk
added 2026/04/23 12:3 a.m.4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the operations/fsinfo endpoint in the RC server process. An attacker can execute arbitrary local commands by sending crafted requests to an exposed RC server that is running without...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
CVE
CVE
added 2026/04/23 12:3 a.m.35 views

CVE-2026-41179

CVE-2026-41179 affects rclone before 1.73.5 where the RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. This allows an unauthenticated attacker to instantiate an attacker-controlled backend via rc.GetFs(...) and trigger WebDAV bearer_token_com...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/22 2:45 p.m.8 views

EUVD-2026-25144

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution...

9.2CVSS5.9AI score0.09199EPSS
Exploits2References4
OSV
OSV
added 2026/04/22 2:45 p.m.7 views

GHSA-JFWF-28XR-XW6Q RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...

9.8CVSS6.1AI score0.09199EPSS
Exploits2References9
Cvelist
Cvelist
added 2026/04/17 10:57 a.m.26 views

CVE-2026-35074

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker...

6.7CVSS0.00571EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.10 views

PT-2026-33438

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description Improper neutralization of special...

6.7CVSS6AI score0.00571EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.7 views

PT-2026-33437

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description Improper neutralization of special...

6.7CVSS6.1AI score0.00571EPSS
Exploits0References4
CVE
CVE
added 2026/04/16 2:24 a.m.10 views

CVE-2026-6349

CVE-2026-6349 affects HGiga’s iSherlock. The connected records report an OS Command Injection vulnerability that enables unauthenticated attackers to inject and execute arbitrary OS commands on the server. The CVSS metadata indicates a critical impact (base score 10.0) with network access, low at...

9.8CVSS6AI score0.02144EPSS
Exploits0References2
Rows per page
Query Builder