26 matches found
EUVD-2020-0305
Malware in sbrugna...
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that if a user's full name uses "|" and the user is quoted, updating the user's...
rake: OS Command Injection via egrep in Rake::FileList
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
UBUNTU-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
OESA-2021-1150 rubygem-mini_magick security update
A Ruby wrapper for the ImageMagick command line. Using MiniMagick, the Ruby process's memory remains small (it spawns ImageMagick's command-line program mogrify, which takes up some memory as well, but is much smaller compared to RMagick). Security Fixes: In lib/minimagick/image.rb in MiniMagick before...
GHSA-JPPV-GW3R-W3Q8 OS Command Injection in Rake
There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
Command injection
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-9015
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices and possibly other products allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly...
PT-2020-20430 · Arista · Arista Dcs-7050Cx3-32S-R +2
Name of the Vulnerable Software and Affected Versions: Arista DCS-7050QX-32S-R version 4.20.9M; Arista DCS-7050CX3-32S-R version 4.20.11M; Arista DCS-7280SRAM-48C6-R version 4.22.0.1F. Description: The issue allows attackers to bypass intended TACACS+ shell restrictions via a | character. This is...
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
GLSA-200808-03 : Mozilla products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200808-03 (Mozilla products: Multiple vulnerabilities). The following vulnerabilities were reported in all mentioned Mozilla products: TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
CVE-2002-2365
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" pipe character...
CVE-2006-2611
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary JavaScript via unspecified vectors, possibly involving the usage of the | pipe character...
HP-UX FTP code execution
It's possible to execute an application on the server by specifying '|' in the filename...