321 matches found
pfSense - Arbitrary File Write
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...
CVE-2026-9153
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...
CVE-2026-9155
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...
CVE-2026-9154
Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...
CVE-2026-9153
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...
CVE-2026-9153 Arbitrary File Read in Rapid7 InsightConnect Sed Plugin
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...
EUVD-2026-39155
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...
CVE-2026-9153
CVE-2026-9153 affects the Rapid7 InsightConnect Sed Plugin on Linux. The vulnerability is an Arbitrary File Read caused by insufficient input validation in the expression parameter, exploitable by an authenticated attacker to read arbitrary files. Documents do not provide exploit details, affecte...
CVE-2026-9154
CVE-2026-9154 concerns the Rapid7 InsightConnect Sed Plugin for Linux. The vulnerable component is the plugin’s expression parameter, enabling an authenticated attacker to perform arbitrary file writes to arbitrary file paths. Documented impact is high integrity risk and potential local file mani...
CVE-2026-9154 Arbitrary File Write in Rapid7 InsightConnect Sed Plugin
Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...
EUVD-2026-39154
Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...
EUVD-2026-39153
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...
CVE-2026-9155 OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation...
CVE-2026-9155
The CVE-2026-9155 issue affects the Rapid7 InsightConnect Sed Plugin running on Linux. It is a command-injection vulnerability in the expression parameter, caused by insufficient input validation, enabling authenticated attackers to run arbitrary OS commands on the host. The commonly cited score ...
PT-2026-52160
Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An arbitrary file write issue exists where authenticated attackers can write controlled content to any file path. This is achieved by manipulating the...
PT-2026-52159
Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description Insufficient input validation in the Sed Plugin allows authenticated attackers to read arbitrary files. This is achieved by manipulating the expression...
PT-2026-52161
Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An OS Command Injection issue exists in the Sed Plugin on Linux. Authenticated attackers can execute arbitrary operating system commands through the expressi...
OPENSUSE-SU-2026:21024-1 Security update for sed
This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...
SUSE-SU-2026:22256-1 Security update for sed
This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...
SUSE-SU-2026:22325-1 Security update for sed
This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...