Lucene search

31222 matches found

ATTACKERKB
added 2026/02/05 4:13 p.m. | 3 views

CVE-2020-37136

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...

CVSS 7.5 | AI score 5.4 | EPSS 0.00361
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/02/05 4:13 p.m. | 11 views

CVE-2020-37136

CVE-2020-37136 affects ZOC Terminal 7.25.5. A denial-of-service condition is triggered by overwriting the private key file input with a ~2000-byte buffer during SSH key file creation, causing the application to become unresponsive. Affected component: private key file input handling in ZOC Termin...

CVSS 7.5 | AI score 5.4 | EPSS 0.00361
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/05 4:13 p.m. | 4 views

CVE-2020-37123 Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

CVSS 9.8 | AI score 6.6 | EPSS 0.03135
Exploits: 0 | References: 3

GithubExploit
added 2026/02/05 3:47 p.m. | 141 views

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 Scanner – GNU inetutils telnetd Auth Bypass...

CVSS 9.8 | AI score 7.6 | EPSS 0.98871
Exploits: 60

RedhatCVE
added 2026/02/05 7:26 a.m. | 7 views

CVE-2026-1791

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

CVSS 2.7 | AI score 5.4 | EPSS 0.00311
Exploits: 0 | References: 1

ICS
added 2026/02/05 7:0 a.m. | 16 views

Ilevia EVE X1 Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

CVSS 8.7 | AI score 6.2 | EPSS 0.008
Exploits: 1 | References: 13

Veracode
added 2026/02/05 4:59 a.m. | 7 views

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes SSI with exec cmd="..." are used alongside modcgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

CVSS 8.3 | AI score 5.9 | EPSS 0.015
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2026/02/05 3:20 a.m. | 5 views

GO-2026-4418 EVE: SSH as Root Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve

EVE: SSH as Root Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

CVSS 8.8 | AI score 5.3 | EPSS 0.0016
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/05 12:0 a.m. | 7 views

PT-2026-6579

Name of the Vulnerable Software and Affected Versions ZOC Terminal version 7.25.5 Description ZOC Terminal version 7.25.5 contains a denial of service condition in the private key file input field. An attacker can cause the application to crash by overwriting the private key file input with a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00361
Exploits: 0 | References: 5

Packet Storm
added 2026/02/05 12:0 a.m. | 158 views

📄 Novell GroupWise 8.0 Traversal / Code Injection

Proof of concept exploit for an older vulnerability from 2012 that looks for a directory traversal vulnerability in Novell GroupWise version 8.0 before Support Pack 3 and attempts to upload a webshell if possible...

CVSS 5 | AI score 5.3 | EPSS 0.41841
Exploits: 4

NVD
added 2026/02/04 10:16 p.m. | 11 views

CVE-2026-25546

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

CVSS 7.8 | EPSS 0.00853
Exploits: 1 | References: 4

CVE
added 2026/02/04 9:48 p.m. | 19 views

CVE-2026-25546

Godot MCP vulnerability CVE-2026-25546: In godot-mcp prior to v0.1.1, executeOperation passed user-controlled input (e.g., projectPath) to exec(), spawning a shell and enabling command injection with shell metacharacters. This could allow remote code execution with MCP server privileges across to...

CVSS 7.8 | AI score 6.4 | EPSS 0.00853
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/02/04 9:39 p.m. | 5 views

CVE-2026-25539

SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution RCE by writing to sensitive...

CVSS 9.1 | AI score 5.6 | EPSS 0.01017
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/02/04 9:39 p.m. | 6 views

CVE-2026-25539 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE

SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution RCE by writing to sensitive...

CVSS 9.1 | AI score 5.7 | EPSS 0.01017
Exploits: 1 | References: 4

Github Security Blog
added 2026/02/04 9:36 p.m. | 9 views

EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

CVSS 8.8 | AI score 7.8 | EPSS 0.0016
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2026/02/04 8:46 p.m. | 29 views

GHSA-3MQ9-XHGQ-R7GJ EVE: SSH as Root Unlockable Without Triggering Measured Boot

Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...

CVSS 5.9 | AI score 5.5 | EPSS 0.0016
Exploits: 0 | References: 7

Cvelist
added 2026/02/04 8:39 p.m. | 26 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVSS 9.4 | EPSS 0.18536
Exploits: 2 | References: 2

Vulnrichment
added 2026/02/04 8:39 p.m. | 3 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVSS 9.4 | AI score 6.7 | EPSS 0.18536
Exploits: 2 | References: 2

OSV
added 2026/02/04 8:39 p.m. | 6 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVSS 9.4 | AI score 6.7 | EPSS 0.18536
Exploits: 2 | References: 4

ATTACKERKB
added 2026/02/04 8:31 p.m. | 6 views

CVE-2026-25499

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been...

CVSS 8.7 | AI score 5.3 | EPSS 0.00431
Exploits: 1 | References: 3 | Affected Software: 1