Lucene search
K

16 matches found

Nuclei
Nuclei
added yesterday30 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS7.2AI score0.142EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

RockyLinux 10 : dracut (RLSA-2026:26532)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26532 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

RHEL 9 : dracut (RHSA-2026:26533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26533 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...

7.5CVSS6AI score0.01131EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/06/17 12:0 a.m.14 views

Important: dracut security update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

7.5CVSS5.8AI score0.01131EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 8:16 p.m.5 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS0.13789EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:13 p.m.9 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.13789EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/23 7:13 p.m.90 views

CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS0.13789EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 9:46 p.m.6 views

GHSA-CVRR-QHGW-2MM6 Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

7.7CVSS6.4AI score0.13789EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-34733

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description Flowise is a drag and drop user interface for building customized large language model flows. An unauthenticated remote command execution issue exists where a parameter override bypass can be achieve...

9.8CVSS7.6AI score0.13789EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-22177

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODEOPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

8.8CVSS5.7AI score0.00433EPSS
Exploits1References1
CVE
CVE
added 2026/03/04 2:12 a.m.18 views

CVE-2026-3241

Concrete CMS versions below 9.4.8 are affected by a stored XSS in the Legacy Form block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple‑choice question (Checkbox List, Radio But...

4.8CVSS5.8AI score0.00208EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.4 views

PT-2022-23761 · Ahsay · Ahsaycbs

Name of the Vulnerable Software and Affected Versions: Ahsay AhsayCBS version 9.1.4.0 Description: The issue allows an authenticated system user to inject arbitrary Java JVM options. Administrators with the ability to modify the Runtime Options in the web interface can inject Java Runtime Options...

7.2CVSS7.4AI score0.20785EPSS
Exploits1References8
OSV
OSV
added 2020/05/13 4:29 p.m.1 views

GHSA-M8XJ-5V73-3HH8 curlrequest allows execution of arbitrary commands

curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the options values...

9.8CVSS7.5AI score0.01884EPSS
Exploits1References4
NVD
NVD
added 2020/03/15 10:15 p.m.34 views

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

9.8CVSS9.6AI score0.02644EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/03/15 9:23 p.m.37 views

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

9.7AI score0.02644EPSS
Exploits1References1
Rows per page
Query Builder