Lucene search
K

966 matches found

NVD
NVD
added 2026/05/21 8:16 a.m.19 views

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 8:16 a.m.15 views

CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5CVSS0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 7:35 a.m.7 views

CVE-2026-44076 Shell injection via volume path

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:35 a.m.43 views

CVE-2026-44076 Shell injection via volume path

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 7:35 a.m.11 views

EUVD-2026-31219

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:35 a.m.26 views

CVE-2026-44076

CVE-2026-44076 affects Netatalk versions 3.1.0 through 4.4.2, with shell injection via volume path. The issue arises from insufficient sanitization of volume paths and is fixed in 4.4.3. Impact is described as local, with potential for arbitrary code execution by a local privileged user through a...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.17 views

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0
EUVD
EUVD
added 2026/05/21 7:34 a.m.11 views

EUVD-2026-31230

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.44 views

CVE-2026-44055 Bitwise OR logic bug enables shell injection

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:34 a.m.23 views

CVE-2026-44055

Netatalk 3.1.4–4.4.2 contains a bitwise OR/logic bug that permits shell injection. The issue affects Netatalk’s AFP implementation and can lead to remote command execution (high impact). Fixed in version 4.4.3. Affected: Netatalk 3.1.4–4.4.2; Remediation: upgrade to 4.4.3 or later. Exploitation s...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42693

Name of the Vulnerable Software and Affected Versions KnpLabs Snappy versions prior to 1.7.1 Description A shell injection issue exists on POSIX systems where the escapeshellarg function returns a string containing single-quote characters. This causes the is executable check to fail, as it search...

7.5CVSS5.9AI score0.00152EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42412

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...

9.9CVSS6.1AI score0.00477EPSS
Exploits0References19
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in JRuby

In versions of Ruby from 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, code injection is possible if the first argument also known as the “command” argument passed to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this vulnerability to call arbitrary Ruby methods...

8.1CVSS6.8AI score0.04221EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in maven-shared-utils

In Apache Maven’s maven-shared-utils before version 3.3.3, the Commandline class could generate double-quoted strings without proper escaping, allowing for shell injection attacks...

9.8CVSS7.2AI score0.04031EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 3:21 p.m.5 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...

9.6CVSS6AI score0.00365EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 3:21 p.m.7 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...

9.6CVSS6AI score0.00365EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:31 p.m.7 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41693

Name of the Vulnerable Software and Affected Versions Arcane versions 1.18.1 and earlier Description An issue exists where the endpoint "GET /environments/id/volumes/volumeName/browse" accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside a helper...

6.3CVSS6AI score0.0021EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.15 views

PT-2026-43460

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description A shell-metacharacter injection exists in the YPTSocket notification branch within the plugin/Live/on publish.php file. The application constructs a command line for the execAsync function usin...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 9:16 p.m.28 views

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

8.3CVSS0.00272EPSS
Exploits0References1
Rows per page
Query Builder