
17009 matches found

Cvelist
added 2026/06/25 1:32 a.m., 30 views

CVE-2026-8592 OS Command Injection in Rapid7 InsightConnect AWK Plugin

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

CVSS 7.7, EPSS 0.00675
Exploits 0, References 1
EUVD
added 2026/06/25 1:32 a.m., 8 views

EUVD-2026-39160

OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...

CVSS 7.7, AI score 6.3, EPSS 0.00675
Exploits 0, References 1
CVE
added 2026/06/25 12:52 a.m., 13 views

CVE-2026-8660

CVE-2026-8660 describes an OS Command Injection vulnerability in the Linux ping action of the Rapid7 InsightConnect Ping Plugin. The root cause is insufficient input validation when constructing shell commands from the host parameter, enabling remote attackers to execute arbitrary OS commands. Th...

CVSS 9.8, AI score 6.3, EPSS 0.00675
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2026/06/25 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-49980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve...

CVSS 9.8, AI score 5.9, EPSS 0.00701
Exploits 0, References 3
Cvelist
added 2026/06/24 9:24 p.m., 16 views

CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

CVSS 9, EPSS 0.00327
Exploits 0, References 1
EUVD
added 2026/06/24 3:40 a.m., 7 views

EUVD-2026-38651

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVSS 9.1, AI score 5.9, EPSS 0.01684
Exploits 0, References 2
Cvelist
added 2026/06/24 3:40 a.m., 33 views

CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVSS 9.1, EPSS 0.0172
Exploits 0, References 2
Tenable Nessus
added 2026/06/24 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in...

CVSS 8.1, AI score 6.4, EPSS 0.00399
Exploits 1, References 3
RedHat Linux
added 2026/06/23 9:13 a.m., 19 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 8.8, AI score 6.6, EPSS 0.02995
Exploits 0, References 2
RedHat Linux
added 2026/06/23 1:27 a.m., 8 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9.8, AI score 6, EPSS 0.02501
Exploits 0, References 5
RedHat Linux
added 2026/06/23 1:7 a.m., 4 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9.8, AI score 6, EPSS 0.02501
Exploits 0, References 5
Positive Technologies
added 2026/06/23 12:0 a.m., 12 views

PT-2026-51510

Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 1.0.4. Description: The software fails to block at least seven Python standard library modules, including uuid, osx support, aix support, pyrepl.pager, and imaplib. This oversight exposes eight functions that allow...

CVSS 9.8, AI score 6.2, EPSS 0.00757
Exploits 0, References 10
Tenable Nessus
added 2026/06/23 12:0 a.m., 11 views

RHEL 9 : samba (RHSA-2026:28054)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28054 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...

CVSS 9.8, AI score 6.1, EPSS 0.12797
Exploits 7, References 12
NVD
added 2026/06/22 9:16 p.m., 11 views

CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

CVSS 9.3, EPSS 0.00227
Exploits 0, References 5
OSV
added 2026/06/22 9:16 p.m., 2 views

UBUNTU-CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

CVSS 9.3, AI score 5.9, EPSS 0.00227
Exploits 0, References 4
RedHat Linux
added 2026/06/22 2:32 a.m., 8 views

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.8, AI score 6.6, EPSS 0.02995
Exploits 0, References 2
Cvelist
added 2026/06/19 4:28 p.m., 31 views

CVE-2026-56211 Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

CVSS 7.1, EPSS 0.00399
Exploits 0, References 5
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Vim

A heap buffer overflow occurred in the vimstrncpy findword function in the GitHub repository vim/vim, prior to version 8.2.4919. This vulnerability could potentially cause software to crash, enable bypassing the protection mechanism, modify memory, and even allow remote execution...

CVSS 7.8, AI score 7.5, EPSS 0.02303
Exploits 1, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Vim

Buffer over-read in the findnextquote function in the GitHub repository vim/vim, prior to version 8.2.4925. These vulnerabilities can cause software to crash, modify memory, and may lead to remote execution...

CVSS 7.8, AI score 6.9, EPSS 0.01842
Exploits 1, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in libxstream-java

XStream is software used for serializing Java objects into XML and back again. A vulnerability exists in XStream versions prior to 1.4.17, which may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. However, users who...

CVSS 8.8, AI score 7.3, EPSS 0.77735
Exploits 1, References 2