Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Vulnrichment
Vulnrichmentadded 2026/05/05 11:24 a.m.0 views

CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

8.8CVSS6.2AI score0.00096EPSS
Exploits1References8
ATTACKERKB
ATTACKERKBadded 2026/04/08 9:35 p.m.1 views

CVE-2026-40030

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...

8.4CVSS6AI score0.00025EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/08 9:35 p.m.15 views

CVE-2026-40030 parseusbs < 1.9 Command Injection via Volume Path Argument

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument -v flag is passed unsanitized into an os.popen shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can...

8.4CVSS0.00025EPSS
Exploits0References4
CVE
CVEadded 2026/04/08 9:35 p.m.3 views

CVE-2026-40030

Technical details about CVE-2026-40030 are not provided in the connected documents. Public specifics (affected components, root cause, fixes) are unavailable here; monitor for updates.

8.4CVSS6AI score0.00025EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/08 9:35 p.m.2 views

CVE-2026-40029 parseusbs < 1.9 Command Injection via Crafted LNK Filename

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...

8.5CVSS6.2AI score0.00027EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/08 12:0 a.m.2 views

PT-2026-31466

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...

8.5CVSS6.2AI score0.00027EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2008/04/11 12:0 a.m.16 views

Fedora 8 : comix-3.6.4-6.fc8 (2008-2981)

Several security flaws are reported against comix 3.6.4. One issue is that comix uses os.popen to execute external commands without handling filenames properly. This may allow malicios users to execute arbitrary commands by opening some files with crafted names. This issue is now identified as...

7.5CVSS5.7AI score0.00905EPSS
Exploits0References4
Rows per page
Query Builder