Lucene search
K

81 matches found

OSV
OSV
added 2026/07/01 1:15 p.m.2 views

SUSE-SU-2026:2720-1 Security update for dracut

This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 055+suse.365.g79144c5: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...

7.5CVSS6.2AI score0.01131EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/09 11:16 a.m.67 views

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 - GitHub Enterprise Server that allowed an Remot...

8.8CVSS6.7AI score0.35858EPSS
Exploits5
EUVD
EUVD
added 2026/06/01 5:36 p.m.15 views

EUVD-2026-33727

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

8.1CVSS5.9AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:13 p.m.12 views

CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

8.5CVSS7.9AI score0.00298EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/22 8:44 p.m.103 views

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...

8.8CVSS6AI score0.35858EPSS
Exploits5
OSV
OSV
added 2026/05/15 11:8 p.m.10 views

CLSA-2026-1778881463 ipa: Fix of 3 CVEs

CVE-2023-5455: fix CSRF vulnerability by adding Referer header check to all session endpoints - CVE-2024-1481: validate Kerberos principal name before kinit and pass it with -- separator to prevent option injection - CVE-2024-11029: scrub administrative passwords from process command line and...

6.5CVSS6.2AI score0.0111EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 11:36 p.m.18 views

CLSA-2026-1778000974 python3: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/29 3:52 a.m.124 views

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 PoC — GitHub RCE via X-Stat Push Option Injectio...

8.8CVSS6.3AI score0.35858EPSS
Exploits5
OSV
OSV
added 2026/04/22 8:42 a.m.10 views

CLSA-2026-1776847322 curl: Fix of 3 CVEs

CVE-2022-27781: add limit of certificates which can be traversed breaking infinite loop in NSS cert verification - CVE-2023-27533: prevent TELNET option from IAC injection - CVE-2023-27534: fix SFTP path '' resolving discrepancy...

9.8CVSS5.8AI score0.02434EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2026/04/22 7:12 a.m.6 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/22 6:9 a.m.16 views

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/21 4:29 p.m.7 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS6AI score0.00308EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/21 3:37 p.m.8 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/21 3:36 p.m.8 views

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/21 12:5 p.m.11 views

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/04/18 1:7 a.m.7 views

GHSA-MPH4-Q2VM-W2PW Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

6.9CVSS5.8AI score0.00424EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/18 1:7 a.m.14 views

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

6.9CVSS5.8AI score0.00424EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/17 6:41 p.m.33 views

CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

6.9CVSS0.00424EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/17 6:41 p.m.3 views

CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 6:41 p.m.13 views

CVE-2026-6437

CVE-2026-6437 concerns the AWS EFS CSI Driver (aws-efs-csi-driver) prior to v3.0.1. The flaw is improper neutralization of argument delimiters in the volume handling component, which allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via...

6.9CVSS5.9AI score0.00424EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder