Lucene search
K

359 matches found

Cvelist
Cvelist
added 2026/07/07 3:6 a.m.33 views

CVE-2026-34034 Coolify: Host RCE via Sentinel token injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS0.00403EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 5:18 a.m.6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS6.1AI score0.00533EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 11:17 a.m.6 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.14.68 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.8CVSS6.9AI score0.03663EPSS
Exploits29References11
Snyk
Snyk
added 2026/06/18 2:26 p.m.7 views

Incorrect Authorization

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Incorrect Authorization via the shell function. An attacker can execute arbitrary shell commands with the privileges of the runni...

8.8CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/05/22 3:16 p.m.15 views

CVE-2025-46371

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

5.5CVSS0.00067EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the public key parsers. An attacker can exhaust CPU resources by submitting crafted RSA or DSA public keys with excessively larg...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.12 views

F5 Networks BIG-IP : BIG-IP DNS tmsh vulnerability (K000157981)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000157981 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that ma...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in zsh

In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...

7.8CVSS7.9AI score0.0198EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in OpenSSH

In SSH in OpenSSH before version 9.6, OS command injection could occur if a user name or host name contained shell metacharacters, and this name was referenced by an expansion token in certain situations. For example, a untrusted Git repository might contain a submodule with shell metacharacters ...

6.5CVSS6.4AI score0.19753EPSS
Exploits8References2
The Hacker News
The Hacker News
added 2026/04/28 5:50 a.m.22 views

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 CVSS score: 4.3, a spoofing vulnerability that could allow an attacker to...

8.8CVSS7.4AI score0.64095EPSS
Exploits5
OSV
OSV
added 2026/04/23 8:45 a.m.5 views

BIT-MYSQL-SHELL-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

5CVSS7.2AI score0.00153EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.11 views

KB5082127: Windows Server 2012 Security Update (April 2026)

The remote Windows host is missing security update 5082127. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-32225 - Use after free in Remote Desktop Client...

8.8CVSS7.6AI score0.64095EPSS
Exploits9References58
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: openssh (UTSA-2026-006162)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006162 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...

3.6CVSS6AI score0.00113EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/06 4:39 p.m.6 views

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5CVSS6.3AI score0.00363EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/04 5:6 p.m.35 views

CVE-2026-20009 Cisco Secure Firewall Adaptive Security Appliance SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific...

5.3CVSS0.00381EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/29 9:37 p.m.16 views

EUVD-2026-4948

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9CVSS6.1AI score0.00113EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.8 views

Alibaba Cloud Linux 3 : 0016: container-tools:an8 (ALINUX3-SA-2026:0016)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0016 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-47913: SSH clients receiving SSHAGENTSUCCE...

7.5CVSS6AI score0.00632EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 4 : ksh-20120801-38.AXS4 (AXSA:2020-4474:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4474:01 advisory. ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection CVE-2019-14868 Tenable has extracted the...

7.8CVSS5.7AI score0.01385EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 6:16 p.m.6 views

CVE-2026-20847

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

6.5CVSS0.013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.24 views

CVE-2025-23942

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through = 2.1.6...

9.1CVSS7.2AI score0.02622EPSS
Exploits1References1
Rows per page
Query Builder