Lucene search
K

31246 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5861

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References5
Spring Security Advisories
Spring Security Advisories
added 2026/02/03 12:0 a.m.5 views

This Week in Spring - February 3rd, 2026

Hi, Spring fans! This week I'm in northern Europe. I went on the Vaadin cruise from Finland to Sweden, gave a talk on a boat, then arrived in Stockholm in time for the amazing JFokus 2026 event where I had the privilege yesterday of doing a deep dive with my pal James Ward on Spring AI and agenti...

5.4AI score
Exploits0
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Claude Code 跨站脚本漏洞

Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.74 contained a cross-site scripting vulnerability. This vulnerability stemmed from a Bash command validation flaw during the parsing of ZSH “clobber” syntax, which could allow bypassing...

7.7CVSS5.7AI score0.00464EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5921

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions prior to 9.2.1c2 Brocade Fabric OS versions 9.2.2 through 9.2.2a Description A flaw exists within Brocade Fabric OS that may allow an authenticated attacker possessing administrative privileges to manipulate path...

4.6CVSS5.5AI score0.00179EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6212

Name of the Vulnerable Software and Affected Versions melange versions 0.3.0 through 0.40.2 Description melange enables users to create apk packages using declarative pipelines. A security issue exists in versions 0.3.0 through 0.40.2 where an attacker with the ability to supply build input value...

7.9CVSS5.9AI score0.00176EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6488

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping. Fix: Fixed with e51ca30c,...

7.9CVSS5.8AI score0.00176EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

Ziroom ZHOME A0101 安全漏洞

Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a security vulnerability. This vulnerability stems from the Dropbear SSH Service component using default credentials, which may lead to remote attacks...

9.2CVSS7.3AI score0.00604EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5858

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description GUnet OpenEclass version 1.7.3 allows authenticated users to bypass file extension restrictions during file uploads. An attacker can rename a PHP file to extensions like .php3 or .PhP to upload a web...

8.8CVSS6AI score0.00781EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2026/02/03 12:0 a.m.160 views

📄 LimeSurvey 5.2.4 Remote Code Execution

Proof of concept exploit for LimeSurvey version 5.2.4 that loads a malicious PHP plugin and executes a reverse shell. ============================================================================================================================================= | Title : LimeSurvey 5.2.4 reverse...

9CVSS5.4AI score0.12679EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-6187

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.74 Description Claude Code is an agentic coding tool affected by a Bash command validation flaw when parsing ZSH clobber syntax. This flaw allowed bypassing directory restrictions and writing files outside the...

7.7CVSS5.5AI score0.00464EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/03 12:0 a.m.4 views

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping...

8.8CVSS5.8AI score0.00176EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/02 9:52 p.m.6 views

GHSA-GP56-F67F-M4PX CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

9.9CVSS6.5AI score0.00805EPSS
Exploits1References4
Veracode
Veracode
added 2026/02/02 9:6 p.m.6 views

Arbitrary Command Injection

cai-framework is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-controlled input directly to shell commands via subprocess.Popen with shell=True, which allows an attacker to inject malicious arguments for example -exec in the findfile tool and execute arbitrar...

9.6CVSS5.8AI score0.008EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2026/02/02 9:5 p.m.5 views

GO-2026-4380 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access in github.com/amir20/dozzle

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access in github.com/amir20/dozzle...

9.9CVSS5.2AI score0.00385EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/02 6:10 p.m.9 views

Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...

9.9CVSS6.4AI score0.04163EPSS
Exploits1References4Affected Software1
GithubExploit
GithubExploit
added 2026/02/02 3:30 p.m.197 views

Exploit for Improper Input Validation in Unrealircd

UnrealIRCD 3.2.8.1 Backdoor Exploit A clean, flexible exploit...

7.5CVSS5.6AI score0.83534EPSS
Exploits10
OSV
OSV
added 2026/02/02 1:15 p.m.6 views

CVE-2026-1757

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2CVSS6AI score0.00194EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/02 1:3 p.m.3 views

Wireshark: NULL Pointer Dereference in Wireshark

A flaw was found in Wireshark’s SSH dissector, caused by a missing NULL check in key exchange parameter handling. This vulnerability can trigger a segmentation fault when processing malformed SSH traffic or crafted capture files, potentially causing the application to crash and resulting in a...

7.8CVSS5.7AI score0.00194EPSS
Exploits1References6
OSV
OSV
added 2026/02/02 12:56 p.m.7 views

OPENSUSE-SU-2026:20151-1 Security update for wireshark

This update for wireshark fixes the following issues: Update to Wireshark 4.4.13: - CVE-2025-11626: MONGO dissector infinite loop bsc1251933. - CVE-2025-13499: Kafka dissector crash bsc1254108. - CVE-2025-13945: HTTP3 dissector crash bsc1254471. - CVE-2025-13946: MEGACO dissector infinite loop...

7.8CVSS5.8AI score0.00206EPSS
Exploits5References16
Debian CVE
Debian CVE
added 2026/02/02 12:38 p.m.5 views

CVE-2026-1757

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2CVSS4.6AI score0.00194EPSS
Exploits0
Rows per page
Query Builder