Lucene search
K

1033 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function formWifiApScan in the httpd component’s file/goform/WifiApScan, which processes parameters...

8.8CVSS6.6AI score0.02891EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 5:13 a.m.4 views

GHSA-8HG8-63C5-GWMX vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

Summary When a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes...

9.1CVSS6.5AI score0.009EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/27 3:8 p.m.3 views

EUVD-2026-25865

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6AI score0.00558EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:44 p.m.3 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.3AI score0.01051EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/04/22 9:44 p.m.5 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.1AI score0.01051EPSS
Exploits1
EUVD
EUVD
added 2026/04/22 12:31 a.m.7 views

EUVD-2026-24547

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS6AI score0.00014EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.15 views

PT-2026-34573

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print gvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through...

8.4CVSS6.3AI score0.01051EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/15 9:30 p.m.10 views

EUVD-2026-23031

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00461EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 7:16 p.m.6 views

CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-33132

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00461EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 6:31 a.m.5 views

EUVD-2026-21314

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

10CVSS7AI score0.03EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/06 5:49 p.m.4 views

Regular Expression without Anchors

Overview Affected versions of this package are vulnerable to Regular Expression without Anchors in the parseModelURL function in Ollama Engine startup probe that allows shell metacharacters like ;, |, $, and backticks. An attacker can execute arbitrary operating system commands by supplying a...

9.4CVSS6.1AI score0.00448EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34938

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

10CVSS6.1AI score0.00707EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/03 10:48 p.m.21 views

CVE-2026-34935 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

9.8CVSS0.00824EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 11:18 p.m.3 views

GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.8 views

CVE-2026-34448

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

9CVSS6.1AI score0.00489EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.11 views

PT-2026-29824

Summary run python in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executio...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/31 11:28 p.m.11 views

SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client

Summary An attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary https URLs without extensions as images, stores the...

9CVSS6.7AI score0.00489EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/31 9:44 p.m.23 views

CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

9CVSS0.00489EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.14 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

10CVSS7.2AI score0.56411EPSS
Exploits0References1
Rows per page
Query Builder