Lucene search
K

1382 matches found

Nuclei
Nuclei
added 6 days ago210 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
CVE
CVE
added 2026/06/26 1:59 a.m.27 views

CVE-2026-8661

CVE-2026-8661 affects the Rapid7 InsightConnect Markdown Plugin (Linux) up to version 3.1.4. The vulnerability is in the markdown_to_pdf action and combines Server-Side Scripting (XSS) with Server-Side Request Forgery (SSRF). It allows remote attackers to execute JavaScript server-side and to tri...

4.8CVSS6.2AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 1:59 a.m.40 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 1:59 a.m.10 views

EUVD-2026-39616

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS6.2AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 3:16 a.m.11 views

CVE-2026-8658

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

8.8CVSS0.00833EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8664

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

8.8CVSS0.00833EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8660

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...

9.8CVSS0.00675EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.10 views

CVE-2026-8666

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

9.8CVSS0.00675EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.13 views

CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

9.8CVSS0.00675EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8592

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

9.8CVSS0.00675EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:56 a.m.32 views

CVE-2026-8658 OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS0.00833EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:56 a.m.6 views

EUVD-2026-39163

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:56 a.m.17 views

CVE-2026-8658

CVE-2026-8658 describes an OS Command Injection in the Rapid7 InsightConnect Tcpdump Plugin running on Linux, caused by insufficient input sanitization during shell command construction. The vulnerability affects the plugin’s handling of options and filter parameters, allowing an authenticated at...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:51 a.m.6 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:51 a.m.6 views

EUVD-2026-39162

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:51 a.m.33 views

CVE-2026-8662 Path Traversal in Rapid7 InsightConnect Compression Plugin

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:51 a.m.13 views

CVE-2026-8662

CVE-2026-8662 describes a path traversal in the Rapid7 InsightConnect Compression Plugin for Linux, specifically in the create_archive function. An authenticated attacker can craft a filename input that writes to unintended file paths, with the impact limited to file corruption because content ca...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:35 a.m.33 views

CVE-2026-8666 OS Command Injection in Rapid7 InsightConnect Traceroute Plugin

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:35 a.m.5 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:35 a.m.18 views

CVE-2026-8666

CVE-2026-8666 describes an OS Command Injection in the traceroute action of the Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability arises from insufficient input validation when constructing shell commands, allowing remote attackers to execute arbitrary OS commands via parameters...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder