7921 matches found

RedhatCVE
added 2026/02/28 1:55 a.m. | 6 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8 CVSS | 6.6 AI score | 0.01934 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/28 1:55 a.m. | 5 views

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8.8 CVSS | 6.6 AI score | 0.01897 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/28 1:55 a.m. | 7 views

CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

8.8 CVSS | 6.5 AI score | 0.01518 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/28 1:54 a.m. | 6 views

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8.8 CVSS | 6.6 AI score | 0.01934 EPSS
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/27 9:33 p.m. | 9 views

Malicious code in cdf-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b42b01e54e7410b51742faa0cb35fe74a73333f619cd8634b5491d3b32418732 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6.1 AI score
Exploits: 0 | References: 1

OSV
added 2026/02/27 9:33 p.m. | 5 views

MAL-2026-1082 Malicious code in cdf-clients (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b42b01e54e7410b51742faa0cb35fe74a73333f619cd8634b5491d3b32418732 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6.1 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/27 1:50 p.m. | 9 views

Malicious code in cicd-ppe-redteam-test02 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 14adb6733ca8f958770b9766a7f255fbd8562886dce3b42cee772eac50e52d0f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6.1 AI score
Exploits: 0 | References: 1

OSV
added 2026/02/27 1:42 p.m. | 6 views

MAL-2026-1063 Malicious code in cicd-ppe-redteam-test01 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5ff0b643e9e96817244b6499fdbcfd26b6c26cf366980909a6461e4c15b389fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6.1 AI score
Exploits: 0 | References: 1

OSV
added 2026/02/27 11:32 a.m. | 2 views

SUSE-SU-2026:20615-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 and SL Micro 6.2 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation bsc1253344. - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer...

9.8 CVSS | 7.1 AI score | 0.00424 EPSS
Exploits: 2 | References: 439

EUVD
added 2026/02/27 3:30 a.m. | 9 views

EUVD-2026-8971

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8.8 CVSS | 6.3 AI score | 0.01934 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/02/27 3:30 a.m. | 5 views

EUVD-2026-8955

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution...

8 CVSS | 6.5 AI score | 0.01518 EPSS
Exploits: 0 | References: 4

OSV
added 2026/02/27 2:16 a.m. | 3 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8 CVSS | 6.1 AI score | 0.01934 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/27 2:16 a.m. | 3 views

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8.8 CVSS | 6.4 AI score | 0.01934 EPSS
Exploits: 0 | References: 3

NVD
added 2026/02/27 2:16 a.m. | 7 views

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8.8 CVSS | 0.01934 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/27 1:16 a.m. | 4 views

CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution...

8.8 CVSS | 6.5 AI score | 0.01518 EPSS
Exploits: 0 | References: 3

NVD
added 2026/02/27 1:16 a.m. | 10 views

CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

8.8 CVSS | 0.01518 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/27 1:6 a.m. | 3 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8 CVSS | 6.1 AI score | 0.01934 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/27 1:6 a.m. | 4 views

CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8 CVSS | 6.3 AI score | 0.01934 EPSS
Exploits: 0 | References: 3

CVE
added 2026/02/27 1:6 a.m. | 18 views

CVE-2026-3037

The CVE-2026-3037 entry concerns XWEB Pro, affected through version 1.12.1 and earlier. The connected documents confirm an OS command injection vulnerability that allows an authenticated attacker to achieve remote code execution by injecting malicious input into the MBird SMS service URL and/or c...

8.8 CVSS | 6 AI score | 0.01934 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/27 1:6 a.m. | 20 views

CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8 CVSS | 0.01934 EPSS
Exploits: 0 | References: 3