Lucene search
K

31220 matches found

Vulnrichment
Vulnrichment
added 2026/02/12 7:57 p.m.5 views

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/12 7:57 p.m.29 views

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 7:57 p.m.12 views

CVE-2026-25933

The vulnerability CVE-2026-25933 affects Arduino App Lab prior to 0.4.0. The Terminal component fails to sanitize/validate _info.Serial and _info.Address data from connected hardware, allowing specially crafted strings to execute as the user when a tampered board is used. Exploitation requires ph...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 7:57 p.m.5 views

CVE-2026-25933

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/12 7:57 p.m.7 views

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/12 7:28 p.m.5 views

CVE-2026-2248

METIS WIC devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root UID 0 privileges. This results in full system compromis...

9.8CVSS6.1AI score0.00514EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.5 views

PT-2026-7918

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

8.8CVSS6.1AI score0.00291EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.5 views

PT-2026-7926

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

9.8CVSS6.5AI score0.00453EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.6 views

PT-2026-7913

Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.1 Description emp3r0r is a command and control C2 tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...

9.3CVSS6.4AI score0.0327EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.6 views

PT-2026-7898

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

6.8CVSS5.4AI score0.00151EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/11 11:2 p.m.191 views

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

8.8CVSS6.7AI score0.25835EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:25 p.m.4 views

CVE-2026-26029

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6AI score0.00911EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/11 9:25 p.m.25 views

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS0.00911EPSS
Exploits0References2
OSV
OSV
added 2026/02/11 9:16 p.m.5 views

CVE-2020-37186

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

9.8CVSS6.5AI score0.00969EPSS
Exploits0References4
NVD
NVD
added 2026/02/11 9:16 p.m.9 views

CVE-2020-37186

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

9.8CVSS0.00969EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/11 8:37 p.m.4 views

CVE-2020-37186 Chevereto 3.13.4 Core - Remote Code Execution

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

9.8CVSS6.8AI score0.00969EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:37 p.m.4 views

CVE-2020-37186

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

9.8CVSS6.8AI score0.00969EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/11 8:37 p.m.12 views

CVE-2020-37186

CVE-2020-37186 affects Chevereto 3.13.4 Core. The vulnerability arises in the database configuration installation where the database table prefix parameter can be manipulated to write a PHP shell file and execute arbitrary system commands via a crafted POST request. Impact is high: remote code ex...

9.8CVSS6.8AI score0.00969EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/02/11 8:35 p.m.263 views

Exploit for CVE-2026-2249

Overview The METIS DFS devices, specifically in versions lowe...

9.8CVSS6.2AI score0.00514EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.5 views

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.5AI score0.25835EPSS
Exploits3References1
Rows per page
Query Builder