Lucene search
K

321 matches found

Nuclei
Nuclei
added yesterday93 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.1AI score0.87113EPSS
Exploits4References5
NVD
NVD
added 2026/06/25 1:16 a.m.8 views

CVE-2026-9153

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

6.5CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 1:16 a.m.7 views

CVE-2026-9155

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

8.8CVSS0.00916EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 1:16 a.m.11 views

CVE-2026-9154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

7.1CVSS0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:33 a.m.4 views

CVE-2026-9153

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

6.5CVSS6AI score0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 12:33 a.m.35 views

CVE-2026-9153 Arbitrary File Read in Rapid7 InsightConnect Sed Plugin

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

6.5CVSS0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39155

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

6.5CVSS6AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 12:33 a.m.14 views

CVE-2026-9153

CVE-2026-9153 affects the Rapid7 InsightConnect Sed Plugin on Linux. The vulnerability is an Arbitrary File Read caused by insufficient input validation in the expression parameter, exploitable by an authenticated attacker to read arbitrary files. Documents do not provide exploit details, affecte...

6.5CVSS6AI score0.00308EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 12:29 a.m.14 views

CVE-2026-9154

CVE-2026-9154 concerns the Rapid7 InsightConnect Sed Plugin for Linux. The vulnerable component is the plugin’s expression parameter, enabling an authenticated attacker to perform arbitrary file writes to arbitrary file paths. Documented impact is high integrity risk and potential local file mani...

7.1CVSS6AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 12:29 a.m.34 views

CVE-2026-9154 Arbitrary File Write in Rapid7 InsightConnect Sed Plugin

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

7.1CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:29 a.m.5 views

EUVD-2026-39154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

7.1CVSS6AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:25 a.m.8 views

EUVD-2026-39153

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

8.8CVSS6.2AI score0.00916EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 12:25 a.m.32 views

CVE-2026-9155 OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...

8.8CVSS0.00916EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 12:25 a.m.13 views

CVE-2026-9155

The CVE-2026-9155 issue affects the Rapid7 InsightConnect Sed Plugin running on Linux. It is a command-injection vulnerability in the expression parameter, caused by insufficient input validation, enabling authenticated attackers to run arbitrary OS commands on the host. The commonly cited score ...

8.8CVSS6.2AI score0.00916EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52160

Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An arbitrary file write issue exists where authenticated attackers can write controlled content to any file path. This is achieved by manipulating the...

7.1CVSS5.9AI score0.00275EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52159

Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description Insufficient input validation in the Sed Plugin allows authenticated attackers to read arbitrary files. This is achieved by manipulating the expression...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52161

Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An OS Command Injection issue exists in the Sed Plugin on Linux. Authenticated attackers can execute arbitrary operating system commands through the expressi...

8.8CVSS6AI score0.00916EPSS
Exploits0References7
OSV
OSV
added 2026/06/22 2:30 p.m.3 views

OPENSUSE-SU-2026:21024-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22325-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 2:28 p.m.3 views

SUSE-SU-2026:22256-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
Rows per page
Query Builder