Lucene search
K

31226 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.6 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories...

4.6CVSS5.5AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.5 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

8.2CVSS5.4AI score0.00198EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/02/04 9:51 a.m.9 views

USN-8011-1: Emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

8.8CVSS6AI score0.02679EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/02/04 8:56 a.m.149 views

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

5.6AI score
Exploits0
NVD
NVD
added 2026/02/04 4:15 a.m.6 views

CVE-2026-1791

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

2.7CVSS0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/04 3:11 a.m.7 views

EUVD-2026-5355

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

2.7CVSS5.4AI score0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/04 3:11 a.m.4 views

CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

2.7CVSS5.4AI score0.00311EPSS
Exploits0References1
CVE
CVE
added 2026/02/04 3:11 a.m.12 views

CVE-2026-1791

CVE-2026-1791 concerns Hillstone Networks products: Operation and Maintenance Security Gateway on Linux with vulnerable versions V5.5ST00001B113 and Hillstone Networks Security Gateway V5.5. The flaw is an unrestricted file upload of a dangerous file type, enabling an attacker to upload a web she...

2.7CVSS5.4AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/04 3:11 a.m.28 views

CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

2.7CVSS0.00311EPSS
Exploits0References1
OSV
OSV
added 2026/02/04 12:9 a.m.2 views

GHSA-RF4G-89H5-CRCR melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...

7.8CVSS6AI score0.00175EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/04 12:9 a.m.10 views

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...

7.8CVSS6AI score0.00175EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-6264

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.12 n8n versions prior to 2.4.0 Description n8n is a workflow automation platform. Before versions 1.123.12 and 2.4.0, workflows processing uploaded files and transferring them to remote servers via the SSH node lack...

8.1CVSS6AI score0.01713EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-6058

Name of the Vulnerable Software and Affected Versions Hillstone Networks Operation and Maintenance Security Gateway versions V5.5ST00001B113 Hillstone Networks Security Gateway version V5.5 Description The software contains a flaw related to unrestricted file uploads, potentially allowing an...

2.7CVSS5.4AI score0.00311EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-6271

Name of the Vulnerable Software and Affected Versions melange versions 0.10.0 through 0.40.2 Description melange enables users to construct APK packages utilizing declarative pipelines. A flaw exists in versions 0.10.0 up to, but not including, 0.40.3 where an attacker capable of manipulating...

7.8CVSS5.9AI score0.00175EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-6475

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...

7.8CVSS6AI score0.00175EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.6 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Emacs vulnerabilities (USN-8011-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8011-1 advisory. It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp- completion-at-point on untrust...

8.8CVSS8.2AI score0.02679EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.7 views

OpenClaw < 2026.1.29 Multiple Vulnerabilities

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.29. It is, therefore, affected by multiple vulnerabilities: - A command injection vulnerability exists in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable...

8.8CVSS6.3AI score0.08016EPSS
Exploits5References6
Exploit DB
Exploit DB
added 2026/02/04 12:0 a.m.197 views

OctoPrint 1.11.2 - File Upload

Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: = 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...

8.8CVSS5.2AI score0.19313EPSS
Exploits4
Trellix
Trellix
added 2026/02/04 12:0 a.m.9 views

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure By Pham Duy Phuc and Alex Lanstein · February 4, 2026 Updated February 9, 2026: This analysis has been updated to clarify malware naming conventions. Introduction Russian state-sponsored threat group APT28...

7.8CVSS8.8AI score0.72152EPSS
Exploits12
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.15 views

melange 操作系统命令注入漏洞

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.10.0 to 0.40.3 had an operating system command injection vulnerability. This vulnerability stemmed from the patch pipeline incorrectly referencing or verifying input-derived values when...

7.8CVSS5.9AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder