Lucene search
K

17 matches found

EUVD
EUVD
added 2026/06/04 6:46 a.m.11 views

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/16 8:41 p.m.3 views

Arbitrary File Upload

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Arbitrary File Upload in the backup restoration, due to insufficient filtering of configuration files. An attacker with access to create...

8CVSS6.1AI score0.00708EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.5 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.5AI score0.06583EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.27 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

0.06583EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

OpenAI Codex CLI 安全漏洞

OpenAI Codex CLI is a lightweight coding agent software developed by OpenAI and run in the terminal. OpenAI Codex CLI versions prior to v0.23.0 have security vulnerabilities; these vulnerabilities stem from automatically loading malicious MCP configuration files, which may allow arbitrary code to...

9.8CVSS6.2AI score0.06583EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Intake 代码注入漏洞

Intake is an open-source Python toolkit for data loading and processing. Versions of Intake prior to 2.0.9 had a code injection vulnerability. This vulnerability stemmed from the automatic expansion of shell syntax during directory parsing, which could lead to the execution of host system command...

8.8CVSS6AI score0.00428EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/10 6:51 p.m.4 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to the insecure default configuration that loads configuration files from the C:\etc directory on Windows systems. An attacker can compromise confidentiality, integrity, and availability by placing...

8.5CVSS6.6AI score0.00129EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 10:40 a.m.3 views

Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core through Malicious Configuration Files or Environment Variables

Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

5.9CVSS7.1AI score0.00404EPSS
Exploits0Affected Software1
CVE
CVE
added 2024/09/12 7:37 p.m.107 views

CVE-2024-20430

CVE-2024-20430 affects Cisco Meraki Systems Manager (SM) Agent for Windows. The issue stems from incorrect handling of directory search paths at runtime, enabling an authenticated, local attacker to read and place malicious configuration files and DLLs that are executed when SM launches at startu...

7.3CVSS7.3AI score0.002EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2024/08/06 2:0 a.m.6 views

SUSE CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

7.8CVSS8.1AI score0.00926EPSS
Exploits2References3
OSV
OSV
added 2023/09/05 11:15 p.m.6 views

CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

7.8CVSS5.9AI score0.00183EPSS
Exploits0References2
Prion
Prion
added 2023/09/05 11:15 p.m.33 views

Path traversal

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

4.3CVSS7.8AI score0.00183EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/05 10:55 p.m.42 views

CVE-2023-4487 GE Digital CIMPLICITY Process Control

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

7.8CVSS8AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 2023/03/16 8:15 p.m.4 views

CVE-2023-0598

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...

9.8CVSS7.5AI score0.00571EPSS
Exploits0References2
NVD
NVD
added 2023/03/16 8:15 p.m.32 views

CVE-2023-0598

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...

9.8CVSS9AI score0.00571EPSS
Exploits0References2
Veracode
Veracode
added 2020/03/06 3:25 a.m.20 views

Directory Traversal

spring-cloud-config-client is vulnerable to directory traversal. The attack is possible because it fails to validate the names and labels in environment and resource controller, allowing an attacker to provide malicious configuration files by exploiting the vulnerability...

6.5CVSS5.2AI score0.6876EPSS
Exploits0References1Affected Software2
exploitpack
exploitpack
added 2001/09/08 12:0 a.m.16 views

Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation

Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation source: https://www.securityfocus.com/bid/3312/info Taylor UUCP is an implementation of the UUCP package written originally by Ian Lance Taylor. A problem has been discovered in Taylor UUCP that makes it possible for local users to gain...

0.5AI score
Exploits0
Rows per page
Query Builder