Lucene search
K

19635 matches found

Vulnrichment
Vulnrichment
added 2026/01/17 9:2 p.m.4 views

CVE-2026-1066 kalcaddle kodbox Compression zip command injection

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

6.5CVSS5.3AI score0.0504EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/17 9:2 p.m.6 views

EUVD-2026-3128

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

6.5CVSS6.4AI score0.0504EPSS
Exploits0References5
CVE
CVE
added 2026/01/17 9:2 p.m.21 views

CVE-2026-1066

The CVE-2026-1066 entry describes a command-injection vulnerability in kalcaddle kodbox (up to version 1.61.10) related to the Compression Handler when processing the file /?explorer/index/zip. The issue can be exploited remotely; the exploit is public. Details on vulnerable component, root cause...

8.8CVSS6.5AI score0.0504EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/17 8:32 p.m.8 views

EUVD-2026-3129

A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be...

5.8CVSS6.3AI score0.04156EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/17 8:32 p.m.6 views

CVE-2026-1064 bastillion-io Bastillion System Management SystemKtrl.java command injection

A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be...

5.8CVSS5.3AI score0.04156EPSS
Exploits0References4
NVD
NVD
added 2026/01/17 8:15 p.m.5 views

CVE-2026-1063

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...

5.8CVSS0.04156EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/17 8:2 p.m.5 views

CVE-2026-1063

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...

5.8CVSS5.1AI score0.04156EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/17 8:2 p.m.7 views

EUVD-2026-3127

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...

5.8CVSS6.5AI score0.04156EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/17 8:2 p.m.23 views

CVE-2026-1063 bastillion-io Bastillion Public Key Management System AuthKeysKtrl.java command injection

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...

5.8CVSS0.04156EPSS
Exploits0References4
CVE
CVE
added 2026/01/17 8:2 p.m.12 views

CVE-2026-1063

The vulnerability CVE-2026-1063 affects Bastillion (Bastillion up to 4.0.1) in the Public Key Management System. The issue involves manipulation in src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java that enables command injection. Attack is described as executable remotely and publicly ...

5.8CVSS6.7AI score0.04156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/17 9:15 a.m.9 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

9.8CVSS8.1AI score0.26163EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.5 views

PT-2026-3370

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...

5.8CVSS7AI score0.04156EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.9 views

PT-2026-5425

Name of the Vulnerable Software and Affected Versions Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon affected versions not specified Description A flaw exists in the Login Interface component of the software, specifically within the checkUserFromLanOrWan function located in the...

7.5CVSS7.2AI score0.02537EPSS
Exploits1References11
Exploit DB
Exploit DB
added 2026/01/17 12:0 a.m.164 views

Siklu EtherHaul Series EH-8010 - Remote Command Execution

Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 - Andrew James Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon Software Link: ftp://ftp.bubakov.net/siklu/ Version: EH-8010 and...

9.8CVSS7AI score0.01219EPSS
Exploits3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/16 9:32 p.m.7 views

Malicious code in uitil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0b75197d8e7cd361d61461260811fba8920c54b8538cb5f21ec2fc1c885ec3 The package implements an undocumented way to execute code hidden in image files, and a function that searches for images in the current directory and attempts...

6AI score
Exploits0References3
NVD
NVD
added 2026/01/16 7:16 p.m.3 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

6.1CVSS0.00311EPSS
Exploits0References4
OSV
OSV
added 2026/01/16 9:16 a.m.5 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

9.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/01/16 9:16 a.m.6 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

9.8CVSS0.26163EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/01/16 8:39 a.m.26 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

0.26163EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/01/16 8:39 a.m.3 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

7.7AI score0.26163EPSS
Exploits3References1
Rows per page
Query Builder