Lucene search
K

17035 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-54366

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in DevTools allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Use after free is a memory corruption flaw...

9.6CVSS6.4AI score0.00413EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.15 views

PT-2026-53941

Name of the Vulnerable Software and Affected Versions Orkes Conductor versions 3.21.21 through 3.30.1 Description An unauthenticated remote code execution issue exists that allows remote attackers to execute arbitrary OS commands. This occurs when malicious JavaScript or Python expressions are...

9.8CVSS6.6AI score0.00938EPSS
Exploits1References8
NVD
NVD
added 2026/06/29 5:16 p.m.10 views

CVE-2026-13751

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

9.6CVSS0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:45 p.m.6 views

CVE-2026-13590

A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack...

6.3CVSS5.7AI score0.00394EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-519 Ray OS Command Injection vulnerability

A command injection exists in Ray's cpuprofile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication...

9.8CVSS7.2AI score0.81512EPSS
Exploits22References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-296 Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

9.8CVSS8.1AI score0.01497EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-543 Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...

10CVSS7.9AI score0.0083EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 a.m.8 views

CVE-2026-13519

A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could ...

9CVSS0.00466EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-0685

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

9.8CVSS0.00726EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 3:45 p.m.39 views

CVE-2026-0685 Server side template inject (SSTI) in Edgewall Genshi Template Engine

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

0.00726EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:31 p.m.7 views

CVE-2026-40711

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS5.9AI score0.00954EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.12 views

Oracle Linux 8 : 389-ds:1.4 (ELSA-2026-26459)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26459 advisory. - Resolves: RHEL-178076 - CVE-2026-9064 389-ds:1.4/389-ds-base: unbounded LDAP controls count in getldapmessagecontrolsext causes CPU and heap amplification...

7.5CVSS6.4AI score0.01038EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 7:32 p.m.4 views

OPENSUSE-SU-2026:21061-1 Security update for libaom

This update for libaom fixes the following issues - CVE-2026-56208: untrusted encoder configuration inputs can lead to a heap-based buffer overflow and a process crash bsc1268650. - CVE-2026-56209: crafted video frames with specific Y-plane pixel values can lead to an arbitrary memory write...

7.6CVSS6.7AI score0.00399EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 1:12 p.m.13 views

CVE-2026-56049

CVE-2026-56049 affects WordPress Post Snippets plugin and is a Remote Code Execution vulnerability in versions

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 5:24 a.m.5 views

CVE-2026-12244

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...

8.8CVSS5.9AI score0.00303EPSS
Exploits0
NVD
NVD
added 2026/06/25 2:16 a.m.11 views

CVE-2026-8592

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

9.8CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:35 a.m.5 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:35 a.m.17 views

CVE-2026-8666

CVE-2026-8666 describes an OS Command Injection in the traceroute action of the Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability arises from insufficient input validation when constructing shell commands, allowing remote attackers to execute arbitrary OS commands via parameters...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 1:32 a.m.12 views

CVE-2026-8592

The vulnerability CVE-2026-8592 affects the Rapid7 InsightConnect AWK Plugin (Linux) where the process_string action constructs shell commands unsafely in the processing pipeline, enabling OS command execution via text or expression parameters. This is a remote issue with potential impact on conf...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 1:32 a.m.9 views

EUVD-2026-39160

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References1
Rows per page
Query Builder