Lucene search
K

31217 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/22 7:42 p.m.10 views

Malicious code in myasicapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62067570b5217e75a025ba09e5e4f0d059439d8a7d30e056bdd501fe97e4f844 The code and related Github project promise to monitor hardware cryptominers. However, the code additionally hides two malicious capabilities functionalities: ...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/02/22 7:42 p.m.8 views

MAL-2026-984 Malicious code in myasicapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62067570b5217e75a025ba09e5e4f0d059439d8a7d30e056bdd501fe97e4f844 The code and related Github project promise to monitor hardware cryptominers. However, the code additionally hides two malicious capabilities functionalities: ...

5.9AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/22 6:54 p.m.156 views

exploit-notes

🎯 Pentest Playbook Index Welcome to the comprehensive penetra...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/22 1:27 a.m.4 views

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the runcommand endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...

9.8CVSS6.3AI score0.08498EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.3 views

CVE-2025-68549

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through 2.0.1...

9.9CVSS5.5AI score0.00434EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/21 4:6 p.m.183 views

Exploit for CVE-2026-27574

CVE-2026-27574-OneUptime-RCE !Authorhttps://img.shields.io/...

9.9CVSS6.1AI score0.00504EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/02/21 9:35 a.m.5 views

CVE-2026-27487

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...

7.6CVSS5.5AI score0.012EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/02/21 9:35 a.m.29 views

CVE-2026-27487

OpenClaw vulnerability CVE-2026-27487: macOS keychain refresh path builds a shell command to write the updated payload, enabling OS command injection when OAuth tokens are user-controlled. Affected: openclaw versions ≤ 2026.2.13. Impact: arbitrary commands could run on the host; CVSS details show...

8CVSS5.5AI score0.012EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/21 9:35 a.m.4 views

CVE-2026-27487 OpenClaw: Prevent shell injection in macOS keychain credential write

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...

7.6CVSS5.4AI score0.012EPSS
Exploits0References6
OSV
OSV
added 2026/02/21 9:35 a.m.7 views

CVE-2026-27487 OpenClaw: Prevent shell injection in macOS keychain credential write

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data,...

7.6CVSS5.5AI score0.012EPSS
Exploits0References8
OSV
OSV
added 2026/02/21 8:48 a.m.6 views

CLSA-2026-1771663697 curl: Fix of 2 CVEs

CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

5.3CVSS6.4AI score0.00611EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/02/21 4:11 a.m.154 views

Informix-INFORMIXDIR-bof-exploit

informix-informixdir-bof A root shell exploit for a stack-bas...

6.4AI score
Exploits0
OSV
OSV
added 2026/02/20 11:16 p.m.4 views

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the runcommand endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...

9.8CVSS6.3AI score0.08498EPSS
Exploits1References3
OSV
OSV
added 2026/02/20 10:16 p.m.4 views

UBUNTU-CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3CVSS6.3AI score0.00428EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 8:52 p.m.24 views

CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

8.1CVSS0.02213EPSS
Exploits1References3
OSV
OSV
added 2026/02/20 8:52 p.m.4 views

CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

8.1CVSS5.6AI score0.02213EPSS
Exploits1References5
CVE
CVE
added 2026/02/20 8:52 p.m.16 views

CVE-2026-27190

Deno prior to 2.6.8 contains a command injection in the node:child_process polyfill when shell: true is used, fixed in 2.6.8 (CVE-2026-27190). Red Hat and other sources corroborate the fix in 2.6.8. A related follow-on (CVE-2026-32260) describes a bypass of the 27190 fix in 2.7.0–2.7.1 due to a p...

9.8CVSS5.6AI score0.02213EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 8:52 p.m.3 views

CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

8.1CVSS5.5AI score0.02213EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 7:23 p.m.12 views

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

10CVSS0.00955EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/20 6:0 p.m.157 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

Heavily influenced/copied/based on the format of a similar repo...

9.3CVSS6.2AI score0.47467EPSS
Exploits70
Rows per page
Query Builder