Lucene search
+L

992 matches found

euvd
euvd
added yesterday5 views

EUVD-2026-44978

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...

8.8CVSS6.1AI score
Exploits0References1
cve
cve
added 2 days ago10 views

CVE-2026-52891

Wekan prior to v9.07 is vulnerable to command execution via avatar upload. The avatar filename is embedded in shell commands in models/avatars.js and models/fileValidation.js, allowing shell metacharacters (e.g., ` and $( ) to run commands on the server through child_process.exec(). Impact: high ...

9.9CVSS6.2AI score0.00403EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2 days ago9 views

PT-2026-60317

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.07 Description The avatar upload functionality allows the embedding of user-supplied filenames into paths that are subsequently passed to the child process.exec function for MIME-type detection. Specifically, the...

9.9CVSS6.3AI score0.00403EPSS
Exploits0References5
nuclei
nuclei
added 6 days ago49 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7AI score0.99585EPSS
Exploits5References5
cvelist
cvelist
added 2026/07/09 5:35 p.m.32 views

CVE-2026-59734 Coolify: OS Command Injection in Health Check Configuration Allows Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS0.00417EPSS
Exploits1References4
cve
cve
added 2026/07/09 4:31 a.m.13 views

CVE-2026-41857

CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/07/09 4:31 a.m.31 views

CVE-2026-41857 BOSH CLI Shell Injection

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS0.00148EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 9:10 p.m.31 views

CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS0.0016EPSS
Exploits0References4
cve
cve
added 2026/07/08 9:10 p.m.22 views

CVE-2026-55849

The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References4
osv
osv
added 2026/07/08 9:10 p.m.2 views

CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument

@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...

8.5CVSS6.3AI score0.0016EPSS
Exploits0References6
osv
osv
added 2026/07/08 3:8 p.m.2 views

CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS6.2AI score0.00171EPSS
Exploits0References3
cve
cve
added 2026/07/08 3:8 p.m.10 views

CVE-2026-54344

CVE-2026-54344 affects ToolJet prior to version 3.20.180. The render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, enabling any GitHub user who can comment on an open PR with a deploy command to execute shell commands on the CI ...

4.7CVSS6.1AI score0.00171EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 4:17 a.m.11 views

CVE-2026-34034

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS0.00403EPSS
Exploits0References3
euvd
euvd
added 2026/07/07 3:15 a.m.6 views

EUVD-2026-41993

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS6AI score0.00435EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/07 3:15 a.m.8 views

CVE-2026-42143

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS6AI score0.00435EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/07/07 3:11 a.m.6 views

CVE-2026-34152

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS6.1AI score0.00372EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.10 views

PT-2026-56136

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. An authenticated user can execute commands on managed servers when a resource is deleted...

8.8CVSS6AI score0.00403EPSS
Exploits0References7
cve
cve
added 2026/07/06 6:44 p.m.17 views

CVE-2026-55798

Pillow vulnerability CVE-2026-55798 affects WindowsViewer.get_command() in Pillow prior to 12.3.0. It builds a shell command by unescaped file path injected into an f-string and passes it to subprocess.Popen(..., shell=True), enabling injection of arbitrary cmd.exe commands. Impact is limited to ...

4.5CVSS6AI score0.00136EPSS
Exploits1References5Affected Software1
alpinelinux
alpinelinux
added 2026/07/06 6:44 p.m.4 views

CVE-2026-55798

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS6.2AI score0.00136EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.10 views

PT-2026-56070

Name of the Vulnerable Software and Affected Versions linuxfabrik-lib versions prior to 5.0.0 Linuxfabrik Monitoring Plugins versions prior to 5.2.0 Description A local privilege escalation issue exists when a check plugin includes user-provided input within a command passed to the shell exec...

7.8CVSS6.3AI score
Exploits0References7
Rows per page
Query Builder