31247 matches found

Debian CVE
added 2026/02/02 12:38 p.m. | 5 views

CVE-2026-1757

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2 CVSS | 4.6 AI score | 0.00194 EPSS
Exploits 0

EUVD
added 2026/02/02 12:38 p.m. | 6 views

EUVD-2026-5101

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2 CVSS | 5.7 AI score | 0.00194 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/02/02 12:38 p.m. | 3 views

CVE-2026-1757

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2 CVSS | 5.7 AI score | 0.00194 EPSS
Exploits 0 | References 5

Vulnrichment
added 2026/02/02 12:38 p.m. | 4 views

CVE-2026-1757 Libxml2: memory leak leading to local denial of service in xmllint interactive shell

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2 CVSS | 5.7 AI score | 0.00194 EPSS
Exploits 0 | References 4

CVE
added 2026/02/02 12:38 p.m. | 23 views

CVE-2026-1757

CVE-2026-1757 describes a memory leak in the interactive shell of the libxml2 xmllint utility. When a user enters input consisting only of whitespace, the shell skips command execution but does not free the allocated buffer, allowing memory to accumulate over repeated actions. This can lead to lo...

6.2 CVSS | 5.7 AI score | 0.00194 EPSS
Exploits 0 | References 4

Cvelist
added 2026/02/02 12:38 p.m. | 35 views

CVE-2026-1757 Libxml2: memory leak leading to local denial of service in xmllint interactive shell

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2 CVSS | 0.00194 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/02/02 12:38 p.m. | 9 views

CVE-2026-1757

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

6.2 CVSS | 5.3 AI score | 0.00194 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/02/02 12:0 a.m. | 9 views

PT-2026-5713

Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 1.5.0; Signal K Set-System-Time plugin versions prior to 1.5.0. Description: A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...

9.9 CVSS | 6.4 AI score | 0.04163 EPSS
Exploits 1 | References 15

Positive Technologies
added 2026/02/02 12:0 a.m. | 8 views

PT-2026-6425

Summary: A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

9.9 CVSS | 6.6 AI score | 0.00805 EPSS
Exploits 1 | References 5

Packet Storm
added 2026/02/02 12:0 a.m. | 152 views

📄 NetScaler 14.1 Vulnerability Scanner

This Metasploit module scans for vulnerable Citrix NetScaler ADC instances affected by the memory overflow noted in CVE-2025-6543. It identifies vulnerable versions through SNMP and SSH banner grabbing...

9.8 CVSS | 8 AI score | 0.09756 EPSS
Exploits 4

Snyk
added 2026/02/02 12:0 a.m. | 5 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the xmllint interactive shell when repeatedly providing whitespace-only input. An attacker can exhaust system memory and cause process termination by continuously submitting such...

6.9 CVSS | 5.8 AI score | 0.00194 EPSS
Exploits 0 | References 2

GithubExploit
added 2026/02/01 4:32 p.m. | 221 views

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

wpDiscuz-7.0.4-PoC-RCE - wpDiscuz 7.0.4 - Unauthenticated RCE...

10 CVSS | 7.4 AI score | 0.94535 EPSS
Exploits 19

RedhatCVE
added 2026/01/31 9:13 p.m. | 7 views

CVE-2026-25130

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS | 6.2 AI score | 0.008 EPSS
Exploits 3 | References 1

RedhatCVE
added 2026/01/31 3:19 a.m. | 8 views

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9 CVSS | 6.1 AI score | 0.00113 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/01/31 12:0 a.m. | 4 views

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2026-1160)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification...

7.5 CVSS | 6.1 AI score | 0.01301 EPSS
Exploits 3 | References 4

Tenable Nessus
added 2026/01/31 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-1102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowe...

7.5 CVSS | 5.7 AI score | 0.00538 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/30 9:23 p.m. | 8 views

CVE-2025-15545

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

7.3 CVSS | 6.1 AI score | 0.00453 EPSS
Exploits 2 | References 1

NVD
added 2026/01/30 9:15 p.m. | 5 views

CVE-2026-25130

Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS | 0.008 EPSS
Exploits 3 | References 3

Github Security Blog
added 2026/01/30 8:38 p.m. | 14 views

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary: The CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6 CVSS | 6.2 AI score | 0.008 EPSS
Exploits 3 | References 5 | Affected Software 1

Snyk
added 2026/01/30 8:38 p.m. | 4 views

Arbitrary Command Injection

Overview: cai-framework is a Cybersecurity AI Framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the findfile function, which calls subprocess.Popen with shell=True. An attacker can execute arbitrary commands on the host system by injecting malicious...

9.6 CVSS | 5.8 AI score | 0.008 EPSS
Exploits 3 | References 2