Lucene search
K

651 matches found

CVE
CVE
added yesterday8 views

CVE-2026-60121

CVE-2026-60121 affects Vitec Flamingo 4.12.2. An unauthenticated OS command injection exists in admin/ajax/ping.php due to a double-evaluation flaw in shell argument handling: user-supplied host POST parameter is escaped with escapeshellarg() for a system wrapper, but the decoded value is taken f...

9.8CVSS6.3AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-22100

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root...

8.6CVSS0.01036EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-22100 Comnand injection in OCPP ReserveLogin message

The OCPP DataTransfer message ReserveLogin is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root...

8.6CVSS0.01036EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday25 views

Grandstream UCM6200 - SQL Injection

Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...

10CVSS7.1AI score0.83926EPSS
Exploits8References2
Snyk
Snyk
added 3 days ago4 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.9CVSS6.6AI score0.00538EPSS
Exploits0References2
CVE
CVE
added 3 days ago22 views

CVE-2026-61445

Summary (CVE-2026-61445) PraisonAI prior to 4.6.78 exposes arbitrary file write and command execution via the AICoder component. The root cause is missing path validation and lack of command sanitization in LLM tool calls, enabling an attacker to inject malicious prompts through the chat interfac...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43181

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago37 views

CVE-2025-30007 HestiaCP < 1.9.5 Authenticated OS Command Injection via DNS Record Management

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidated DNS record types. Attackers can exploit insufficient input validation in...

8.8CVSS0.02077EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42874

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00442EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-56688

Dell PowerFlex Manager (versions before 5.1.0.1) is vulnerable to an OS Command Injection via OS Repository processing, caused by improper neutralization of special elements. A remote, high-privileged attacker could execute arbitrary commands as root, potentially causing full appliance compromise...

9.1CVSS6.3AI score0.01285EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.57 views

Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

10CVSS7.5AI score0.87987EPSS
Exploits8References5
CVE
CVE
added 2026/07/07 1:7 p.m.12 views

CVE-2026-53479

Dell PowerProtect Data Domain is affected: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an OS command injection due to improper neutralization of special elements. A remote high-privileged attacker could exploit this to bypass pr...

7.2CVSS6.2AI score0.01196EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:28 p.m.9 views

CVE-2026-58652

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References8Affected Software1
The Hacker News
The Hacker News
added 2026/06/30 7:38 a.m.16 views

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...

9.6CVSS7.8AI score0.29641EPSS
Exploits3
CVE
CVE
added 2026/06/30 6:0 a.m.28 views

CVE-2026-56808

The CVE-2026-56808 entry concerns the DGM3103SCT device from AVTECH Security Corporation. The vulnerability is described as an OS command injection that can allow arbitrary command execution with root privileges by a user who can log in to the device’s web management console. The available connec...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 6:16 p.m.7 views

EUVD-2026-40172

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53737

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection issue exists in the Destination Network Management functionality. Users with destination management permissions can execute arbitrary commands as root on...

8.8CVSS6.8AI score0.01092EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : cups (EulerOS-SA-2026-2437)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local...

7.8CVSS6.7AI score0.00502EPSS
Exploits7References8
Rows per page
Query Builder