Lucene search
K

4365 matches found

Nuclei
Nuclei
added 19 hours ago27 views

Enigma NMS < 65.0.0 - Authenticated OS Command Injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...

10CVSS7.3AI score0.25279EPSS
Exploits5References3
Nuclei
Nuclei
added 19 hours ago80 views

Websvn <2.6.1 - Remote Code Execution

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. id: CVE-2021-32305 info: name: Websvn 2.6.1 - Remote Code Execution author: gy741 severity: critical description: WebSVN before 2.6.1 allows remote attackers to execute...

10CVSS7.3AI score0.86716EPSS
Exploits9References5
Nuclei
Nuclei
added 19 hours ago132 views

Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

9.8CVSS7AI score0.14003EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago60 views

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

10CVSS7.6AI score0.21842EPSS
Exploits1References5
NVD
NVD
added 5 days ago6 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
CVE
CVE
added 6 days ago11 views

CVE-2026-34168

CVE-2026-34168 affects Coolify prior to 4.0.0-beta.471. The vulnerability arises from the LocalPersistentVolume.name field being interpolated directly into docker volume commands without shell-escaping, enabling an authenticated user to inject and execute commands on managed servers when the reso...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago13 views

PT-2026-56137

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters in...

8.8CVSS6AI score0.00435EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/06 9:22 p.m.36 views

CVE-2026-34049 Coolify: Command Injection via unsanitized MongoDB collection names in database backup

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...

3.3CVSS0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:22 p.m.6 views

CVE-2026-34049

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...

3.3CVSS6AI score0.00195EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 9:12 p.m.6 views

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...

5.4CVSS6.1AI score0.00316EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/01 5:16 p.m.5 views

CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.7 views

CVE-2026-34115

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.7 views

CVE-2026-34113

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00537EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-34111

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-34108

Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...

9.8CVSS0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:23 p.m.7 views

EUVD-2026-41075

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:23 p.m.17 views

CVE-2026-34116

The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:18 p.m.6 views

CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 4:17 p.m.9 views

EUVD-2026-41066

Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:17 p.m.36 views

CVE-2026-34108 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...

9.8CVSS0.00549EPSS
Exploits0References2
Rows per page
Query Builder