Lucene search
K

6584 matches found

RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.38 views

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.12797EPSS
Exploits9References5
NVD
NVD
added 2026/06/02 10:16 a.m.13 views

CVE-2025-52766

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS0.00174EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:41 a.m.11 views

EUVD-2025-210034

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 9:41 a.m.40 views

CVE-2025-52766 WordPress Printeers Print & Ship plugin <= 1.17.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 9:41 a.m.10 views

CVE-2025-52766 WordPress Printeers Print & Ship plugin <= 1.17.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 9:41 a.m.17 views

CVE-2025-52766

Summary: CVE-2025-52766 affects the WordPress plugin “Printeers Print & Ship” (versions up to 1.17.0). The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels. The CVSS 3.1 base metrics indicate a network exploit, ...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:41 a.m.9 views

CVE-2025-52766

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45717

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/02 12:0 a.m.77 views

📄 Samba Print Command Injection

This Python proof of concept framework analyzes Samba printing configurations for unsafe print command usage involving the %J variable and demonstrates how command injection conditions could arise in vulnerable setups. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

WordPress plugin Printeers Print & Ship 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

6.5CVSS5.5AI score0.00174EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.19 views

Samba Print Configuration Checker

This Python script is a lightweight configuration analysis tool designed to inspect Samba smb.conf printing settings and identify potentially unsafe print command configurations associated with command injection risks. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/29 10:30 p.m.8 views

Protection Mechanism Failure

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Protection Mechanism Failure in the executecode function. An attacker can achieve arbitrary command execution on the host system by leveragi...

9.9CVSS5.9AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 10:30 p.m.14 views

GHSA-4MR5-G6F9-CFRH PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

9.9CVSS6.3AI score0.0012EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:30 p.m.28 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

6.3AI score0.0012EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

9.9CVSS6.4AI score0.0012EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.13 views

openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...

7.8CVSS6.3AI score0.00502EPSS
Exploits8References24
NVD
NVD
added 2026/05/28 4:16 p.m.17 views

CVE-2026-44672

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 2:35 p.m.32 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 2:35 p.m.14 views

EUVD-2026-32909

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 2:35 p.m.12 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00325EPSS
Exploits0References1
Rows per page
Query Builder