Lucene search
K

15304 matches found

Nuclei
Nuclei
added 2026/06/25 5:45 a.m.27 views

FortiWeb - Authentication Bypass

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

9.8CVSS6.3AI score0.89526EPSS
Exploits17References4
NVD
NVD
added 2026/06/25 2:16 a.m.10 views

CVE-2026-8666

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

9.8CVSS0.00675EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.187 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent - WLS Security is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attacke...

7.5CVSS7.5AI score0.99993EPSS
Exploits45References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:52 p.m.5 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6AI score0.00701EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 5:29 p.m.30 views

CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.54 views

CVE-2026-56274 Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS0.02683EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.124 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.6AI score0.97836EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.45 views

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

7.4CVSS7.4AI score0.96015EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:1 a.m.8 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 12:46 a.m.9 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS
Exploits0References5
Redos
Redos
added 2026/06/23 12:0 a.m.4 views

ROS-20260623-73-0014

Vulnerability in Python 3.11 related to the lack of measures taken to clean data at the management level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...

7.1CVSS6.2AI score0.0029EPSS
Exploits0
Redos
Redos
added 2026/06/23 12:0 a.m.6 views

ROS-20260623-73-0011

The vulnerability in Python3 is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

7.1CVSS6.2AI score0.0029EPSS
Exploits0
Redos
Redos
added 2026/06/23 12:0 a.m.6 views

ROS-20260623-73-0013

Vulnerability in Python 3.10 related to the failure to take measures for data cleaning at the management level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...

7.1CVSS6.2AI score0.0029EPSS
Exploits0
Redos
Redos
added 2026/06/23 12:0 a.m.4 views

ROS-20260623-73-0016

Vulnerability in Python 3.13 related to the failure to take measures for data cleaning at the management level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...

7.1CVSS6.2AI score0.0029EPSS
Exploits0
Redos
Redos
added 2026/06/23 12:0 a.m.4 views

ROS-20260623-73-0012

Vulnerability in Python 3.9 related to the lack of measures taken to clean data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...

7.1CVSS6.2AI score0.0029EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : mariadb114, mariadb114-backup, mariadb114-client-utils (ALAS2023-2026-1845)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1845 advisory. During the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute...

9.8CVSS6.3AI score0.00469EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/21 1:26 p.m.7 views

EUVD-2025-210293

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6AI score0.00276EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.5 views

CVE-2025-71357

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6AI score0.00276EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/19 2:46 p.m.7 views

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the installpackages method of the Code Interpreter client where crafted package name arguments can bypass...

8.4CVSS6.3AI score0.00302EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba, particularly in the handling of the front-end WINS hook: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets is inserted into shell commands and executed b...

10CVSS8.1AI score0.39677EPSS
Exploits2References2
Rows per page
Query Builder