132 matches found

NVD
added 2026/06/12 9:16 p.m. | 11 views

CVE-2026-42853

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

CVSS 6.5 | EPSS 0.00428
Exploits 0 | References 1
EUVD
added 2026/06/12 8:37 p.m. | 8 views

EUVD-2026-36565

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

CVSS 6.5 | AI score 5.8 | EPSS 0.00428
Exploits 0 | References 1
Vulnrichment
added 2026/06/12 8:37 p.m. | 11 views

CVE-2026-42853 @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

CVSS 6.5 | AI score 5.8 | EPSS 0.00428
Exploits 0 | References 1
Snyk
added 2026/05/14 4:16 p.m. | 9 views

Command Injection

Overview: @apostrophecms/cli is a command-line generator and configurator for Apostrophe CMS. Affected versions of this package are vulnerable to Command Injection via the apos create command when user-supplied input from the password prompt is embedded directly into a shell command without proper...

CVSS 6.3 | AI score 6.1 | EPSS 0.00428
Exploits 0 | References 2
OSV
added 2026/05/14 4:16 p.m. | 4 views

GHSA-HCWQ-X9FW-8CFQ @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

Summary: The @apostrophecms/cli package contains a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host...

CVSS 6.5 | AI score 6.2 | EPSS 0.00428
Exploits 0 | References 3
Positive Technologies
added 2026/05/14 12:00 a.m. | 13 views

PT-2026-41135

Name of the Vulnerable Software and Affected Versions: @apostrophecms/cli versions prior to 3.6.1. Description: The @apostrophecms/cli package contains a command injection issue within the apos create command. User-supplied input provided during the password prompt is embedded directly into a shell...

CVSS 6.5 | AI score 5.7 | EPSS 0.00428
Exploits 0 | References 6
Tenable Nessus
added 2026/01/16 12:00 a.m. | 5 views

MiracleLinux 7 : gvfs-1.36.2-3.el7 (AXSA:2019-4036:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4036:01 advisory. gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password CVE-2019-3827 Tenabl...

CVSS 7 | AI score 7 | EPSS 0.00368
Exploits 0 | References 2
Tenable Nessus
added 2026/01/09 12:00 a.m. | 3 views

Siemens Ruggedcom ROX Incorrect Implementation of Authentication Algorithm (CVE-2023-4641)

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

CVSS 5.5 | AI score 6.4 | EPSS 0.00257
Exploits 0 | References 3
CNNVD
added 2026/01/09 12:00 a.m. | 4 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 26.2 and Apple iPadOS version 26.2, which stems from a logic issue th...

CVSS 4.3 | AI score 6.4 | EPSS 0.00169
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-1426

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00828
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2021-9077

Malicious code in bioql PyPI...

CVSS 9 | AI score 7.7 | EPSS 0.00974
Exploits 1 | References 1
CNNVD
added 2025/09/22 12:00 a.m. | 5 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.9 | AI score 6.5 | EPSS 0.00328
Exploits 0 | References 2
Tenable Nessus
added 2025/09/02 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-39894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming...

CVSS 7.5 | AI score 5.7 | EPSS 0.01634
Exploits 0 | References 2
Tenable Nessus
added 2025/08/14 12:00 a.m. | 2 views

Ubuntu 14.04 LTS / 16.04 LTS : cifs-utils vulnerabilities (USN-7688-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7688-1 advisory. Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly...

CVSS 7.8 | AI score 6.6 | EPSS 0.01804
Exploits 1 | References 5
OSV
added 2025/06/03 10:04 a.m. | 4 views

CLSA-2025-1748945064 Fix CVE(s): CVE-2019-10206, CVE-2019-14856

SECURITY UPDATE: password prompt vulnerability from template expansion
- debian/patches/CVE-2019-10206.patch: prevent templating of passwords from prompt to avoid special characters triggering it incorrectly
- CVE-2019-10206
- debian/patches/CVE-2019-14856.patch: fix incomplete CVE-2019-10206 pat...

CVSS 6.5 | AI score 6.7 | EPSS 0.01649
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 2:37 a.m. | 2 views

CVE-2023-23493

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password...

CVSS 3.3 | AI score 6.2 | EPSS 0.00208
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 8:54 a.m. | 5 views

CVE-2019-8522

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password...

CVSS 5.5 | AI score 6 | EPSS 0.00253
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 8:17 a.m. | 7 views

CVE-2019-15929

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them...

CVSS 9.8 | AI score 6.9 | EPSS 0.0161
Exploits 1 | References 1
CVE
added 2025/03/31 7:38 p.m. | 70 views

CVE-2025-31124

CVE-2025-31124 (Zitadel) describes a user enumeration flaw in the login flow caused by normalization of the username when the “Ignoring unknown usernames” setting is enabled. Although the UI prompts for a password and returns “Username or Password invalid” for non-existent users, the normalizatio...

CVSS 5.3 | AI score 5.2 | EPSS 0.00487
Exploits 0 | References 11 | Affected Software 1
Cvelist
added 2025/02/15 12:00 a.m. | 12 views

CVE-2025-26793

The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

CVSS 10 | EPSS 0.02303
Exploits 0 | References 3