Lucene search: 353 matches found

OSV
added 2024/06/24 12:15 a.m. · 8 views

CVE-2024-3121

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and...

CVSS 3.3 · AI score 8.1 · EPSS 0.00446
Exploits: 2 · References: 1
GithubExploit
added 2024/06/20 1:52 a.m. · 497 views

Exploit for OS Command Injection in Zyxel NAS326 firmware

CVE-2024-29973

CVSS 9.8 · AI score 9.5 · EPSS 0.86205
Exploits: 7
Github Security Blog
added 2024/06/11 8:22 p.m. · 19 views

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact. What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows user-supplied code to be executed in the server's context, where it runs as the document-merge-server user with UID 901, thus giving an attacker...

CVSS 7.2 · AI score 8.9 · EPSS 0.0104
Exploits: 0 · References: 4 · Affected software: 1
CVE
added 2024/05/22 7:29 p.m. · 69 views

CVE-2024-4267

The CVE-2024-4267 entry concerns parisneo/lollms-webui version 9.5, in the open_file function. The root cause is improper neutralization of special elements in a user-controlled file path that is passed to subprocess.Popen, allowing command injection. This enables remote code execution where an attacke...

CVSS 9.8 · AI score 8.9 · EPSS 0.01484
Exploits: 1 · References: 1 · Affected software: 1
Positive Technologies
added 2024/05/22 12:00 a.m. · 3 views

PT-2024-30098 · Unknown · Parisneo/Lollms-Webui

Name of the vulnerable software and affected versions: parisneo/lollms-webui version 9.5. Description: A remote code execution vulnerability exists in parisneo/lollms-webui, specifically within the open file module. The vulnerability arises due to improper neutralization of special elements us...

CVSS 9.8 · AI score 8.9 · EPSS 0.01484
Exploits: 1 · References: 6
NVD
added 2024/05/16 9:15 a.m. · 29 views

CVE-2024-3126

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

CVSS 8.4 · AI score 8.8 · EPSS 0.01321
Exploits: 1 · References: 2
0day.today
added 2024/05/15 12:00 a.m. · 485 views

Zope 5.9 Command Injection Vulnerability

Vulnerability report title: Command-argument injection vulnerability in the Zope WSGI instance creation script, leading to RCE. Description: A command-argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2024/05/04 12:00 a.m. · 28 views

GLSA-202405-01 : Python, PyPy3: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-01 (Python, PyPy3: Multiple Vulnerabilities). An issue was found in the CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the...

CVSS 7.8 · AI score 7.6 · EPSS 0.20459
Exploits: 3 · References: 13
Veracode
added 2024/03/29 9:11 a.m. · 22 views

OS Command Injection

ansys-geometry-core is vulnerable to OS command injection. The vulnerability is due to calling a subprocess with shell=True within the _start_program function. This allows attackers to perform malicious operations on the machine where the script is run...

CVSS 7.4 · AI score 6.8 · EPSS 0.00334
Exploits: 1 · References: 7 · Affected software: 1
Github Security Blog
added 2024/03/25 7:37 p.m. · 15 views

ansys-geometry-core OS Command Injection vulnerability

subprocess call with shell=True identified, security issue. Code: in file src/ansys/geometry/core/connection/product_instance.py, line 403: `def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen:`, followed by the docstring "Start the program where the path is the first item of the args array argument..."

CVSS 7.8 · AI score 7.1 · EPSS 0.00334
Exploits: 1 · References: 9 · Affected software: 1
OSV
added 2024/03/25 7:37 p.m. · 1 view

GHSA-38JR-29FH-W9VM ansys-geometry-core OS Command Injection vulnerability

subprocess call with shell=True identified, security issue. Code: in file src/ansys/geometry/core/connection/product_instance.py, line 403: `def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen:`, followed by the docstring "Start the program where the path is the first item of the args array argument..."

CVSS 7.4 · AI score 5.9 · EPSS 0.00334
Exploits: 1 · References: 9
Positive Technologies
added 2024/03/25 12:00 a.m. · 7 views

PT-2024-22792

Name of the vulnerable software and affected versions: PyAnsys Geometry versions prior to 0.3.3; PyAnsys Geometry versions prior to 0.4.12. Description: The issue concerns a Python client library for the Ansys Geometry service and other Ansys CAD products. Upon calling the start program method...

CVSS 7.8 · AI score 7.1 · EPSS 0.00334
Exploits: 1 · References: 17
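The lollms entries (CVE-2024-3121, CVE-2024-3126) and the three ansys-geometry-core entries above describe the same construct: a caller-controlled value interpolated into a command string that subprocess hands to a shell because of shell=True. The following is an added example, not code from either project. It reproduces that construct with echo standing in for the real tool so it runs offline, and puts beside it the argv-list form (which stops shell metacharacters but is not validation by itself) and an allow-list check on the value. The names create_env_vulnerable, create_env_list_form, create_env_hardened, env_name_rejected and the ENV_NAME_RE policy are chosen for this illustration.

```python
"""Added example (not lollms or ansys-geometry-core code): OS command
injection via subprocess shell=True, beside the argv-list form and an
allow-list check. 'echo' stands in for the real tool so the demo runs offline."""
import re
import subprocess

# Assumed policy for the demo: an environment name is 1-64 characters from a
# conservative set and cannot start with '-', so it can never be read as an option.
ENV_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def create_env_vulnerable(env_name: str) -> str:
    """Interpolates the caller's value into one command string that /bin/sh
    parses, so ';', '|', '&&', '$(...)' and backticks in env_name are
    interpreted as shell syntax rather than as part of the name."""
    cmd = f"echo creating env {env_name}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return proc.stdout


def create_env_list_form(env_name: str) -> str:
    """No shell: the value reaches the program as exactly one argv entry, so
    shell metacharacters are inert. This is not full validation on its own;
    a value such as '--help' could still be parsed by the tool as an option."""
    argv = ["echo", "creating", "env", env_name]
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.stdout


def create_env_hardened(env_name: str) -> str:
    """argv list plus a positive allow-list on the value itself."""
    if not ENV_NAME_RE.fullmatch(env_name):
        raise ValueError(f"rejected environment name: {env_name!r}")
    return create_env_list_form(env_name)


def env_name_rejected(env_name: str) -> bool:
    """True when the hardened path refuses the value."""
    try:
        create_env_hardened(env_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "demo; echo INJECTED"                  # constructed attacker input
    print(create_env_vulnerable(payload), end="")    # second line INJECTED proves the shell ran it
    print(create_env_list_form(payload), end="")     # one literal argument, no second command
    print(env_name_rejected(payload), env_name_rejected("demo-env_1.0"))
```

The list form is the minimum fix for every shell=True finding on this page; the allow-list is what stops the remaining argument-level tricks once the shell is gone.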
Github Security Blog
added 2024/03/20 3:44 p.m. · 21 views

`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code

Summary: deserializing JSON data using qiskit_ibm_runtime.RuntimeDecoder can be made to execute arbitrary code given a correctly formatted input string. Details: RuntimeDecoder is supposed to be able to deserialize JSON strings containing various special types encoded via RuntimeEncoder. However, one...

CVSS 7.8 · AI score 8.1 · EPSS 0.00372
Exploits: 1 · References: 5 · Affected software: 1
OSV
added 2024/03/20 3:44 p.m. · 20 views

GHSA-X4X5-JV3X-9C7M `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code

Summary: deserializing JSON data using qiskit_ibm_runtime.RuntimeDecoder can be made to execute arbitrary code given a correctly formatted input string. Details: RuntimeDecoder is supposed to be able to deserialize JSON strings containing various special types encoded via RuntimeEncoder. However, one...

CVSS 5.3 · AI score 5.9 · EPSS 0.00372
Exploits: 1 · References: 5
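The two RuntimeDecoder entries above describe a decoder for "special types" that a well-formed JSON string can drive into executing code. The following is an added illustration of the general shape of that bug class, not qiskit_ibm_runtime's code and not its wire format: a json.loads object hook that resolves a module and attribute named by the input and calls it, beside a hook that only accepts tags from a closed constructor table. The tag names (__type__, __module__, __name__, args), the SAFE_CONSTRUCTORS table and the PAYLOAD string are all invented for the example; the payload calls builtins.len so it is harmless, but the same shape naming os.system would run a command.

```python
"""Added illustration (not qiskit_ibm_runtime code): a JSON object hook that
resolves module and attribute names from the input, beside one restricted to
a fixed constructor table. Tag names and SAFE_CONSTRUCTORS are invented here."""
import importlib
import json
from typing import Any, Callable, Dict


def _hook_vulnerable(obj: Dict[str, Any]) -> Any:
    """Turns {"__type__": "callable", "__module__": M, "__name__": N, "args": A}
    into M.N(*A). The input chooses M and N, so a payload naming os.system
    runs a command during json.loads. The demo payload uses builtins.len."""
    if obj.get("__type__") == "callable":
        module = importlib.import_module(obj["__module__"])
        func = getattr(module, obj["__name__"])
        return func(*obj.get("args", []))
    return obj


def decode_vulnerable(text: str) -> Any:
    return json.loads(text, object_hook=_hook_vulnerable)


# Closed table: each tag the matching encoder is known to emit, mapped to a
# constructor that accepts plain JSON values. Nothing is resolved by name.
SAFE_CONSTRUCTORS: Dict[str, Callable[..., Any]] = {
    "complex": complex,          # {"__type__": "complex", "args": [re, im]}
    "bytes_hex": bytes.fromhex,  # {"__type__": "bytes_hex", "args": ["..."]}
}


def _hook_hardened(obj: Dict[str, Any]) -> Any:
    tag = obj.get("__type__")
    if tag is None:
        return obj                      # ordinary object, pass through
    ctor = SAFE_CONSTRUCTORS.get(tag)
    if ctor is None:
        raise ValueError(f"refusing to decode unknown tag {tag!r}")
    args = obj.get("args", [])
    if not isinstance(args, list):
        raise ValueError("args must be a JSON array")
    return ctor(*args)


def decode_hardened(text: str) -> Any:
    return json.loads(text, object_hook=_hook_hardened)


def decoder_rejects(text: str) -> bool:
    """True when the hardened decoder refuses the document."""
    try:
        decode_hardened(text)
    except ValueError:
        return True
    return False


# Constructed payload: a harmless stand-in for an os.system-style gadget.
PAYLOAD = ('{"__type__": "callable", "__module__": "builtins", '
           '"__name__": "len", "args": [[1, 2, 3]]}')

if __name__ == "__main__":
    print(decode_vulnerable(PAYLOAD))                                # builtins.len ran: 3
    print(decode_hardened('{"__type__": "complex", "args": [1, 2]}'))
    print(decoder_rejects(PAYLOAD))
```

The defining property of the hardened hook is that the set of things it can construct is fixed at import time; the input can pick from that set but cannot extend it.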
SUSE CVE
added 2024/03/20 3:50 a.m. · 3 views

SUSE CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 · AI score 8.2 · EPSS 0.01124
Exploits: 1 · References: 3
Github Security Blog
added 2024/03/18 8:26 p.m. · 25 views

RCE in TranformGraph().to_dot_graph function

Summary: RCE due to improper input validation in the TransformGraph.to_dot_graph function. Details: Due to improper input validation, a malicious user can provide a command or a script file as the value of the savelayout argument, which will be placed as the first value in a list of arguments passed to...

CVSS 8.4 · AI score 7.1 · EPSS 0.01124
Exploits: 1 · References: 5 · Affected software: 1
OSV
added 2024/03/18 8:26 p.m. · 0 views

GHSA-H2X6-5JX5-46HF RCE in TranformGraph().to_dot_graph function

Summary: RCE due to improper input validation in the TransformGraph.to_dot_graph function. Details: Due to improper input validation, a malicious user can provide a command or a script file as the value of the savelayout argument, which will be placed as the first value in a list of arguments passed to...

CVSS 8.4 · AI score 6.1 · EPSS 0.01124
Exploits: 1 · References: 5
OSV
added 2024/03/18 7:15 p.m. · 1 view

UBUNTU-CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 · AI score 7.8 · EPSS 0.01124
Exploits: 1 · References: 4
Vulnrichment
added 2024/03/18 6:48 p.m. · 8 views

CVE-2023-41334 astropy vulnerable to RCE in TranformGraph().to_dot_graph function

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 · AI score 7.6 · EPSS 0.01124
Exploits: 1 · References: 3
Debian CVE
added 2024/03/18 6:48 p.m. · 15 views

CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...

CVSS 8.4 · AI score 8.5 · EPSS 0.01124
Exploits: 1
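The astropy entries above (the savelayout value placed first in the argument list), the Zope instance-script entry and CVE-2024-4267 (a user-controlled file path reaching subprocess.Popen) all describe injection without a shell: the untrusted value becomes argv[0], or another positional argument, of the process being started. The following is an added example, not code from astropy, Zope or lollms, showing why shell=False is not enough when the program name itself is caller-chosen. It uses echo as the stand-in "layout engine" so it runs offline, and an allow-list of engine names plus an option-shape check on the output path as the fix. ALLOWED_LAYOUTS, build_argv_vulnerable, build_argv_hardened, run_layout, demo_vulnerable and rejected_by_hardened are names made up for this illustration.

```python
"""Added example (not project code): argument injection when an untrusted
value becomes argv[0] of a subprocess call, beside an allow-listed version."""
import subprocess
from typing import List

# Assumed allow-list for the demo: Graphviz layout engines a caller may select.
ALLOWED_LAYOUTS = frozenset({"dot", "neato", "fdp", "sfdp", "circo", "twopi"})


def build_argv_vulnerable(savelayout: str, outfile: str) -> List[str]:
    """The caller's value is used verbatim as the program to run. No shell is
    involved, so metacharacters do not matter, but any program on PATH, or
    any path to an executable the attacker managed to place on disk, is
    executed with the fixed trailing arguments."""
    return [savelayout, "-Tplain", "-o", outfile]


def build_argv_hardened(savelayout: str, outfile: str) -> List[str]:
    """Only a known engine name may select the program, and the output path
    may not be something that program would parse as an option."""
    if savelayout not in ALLOWED_LAYOUTS:
        raise ValueError(f"unknown layout engine: {savelayout!r}")
    if outfile.startswith("-"):
        raise ValueError(f"output path must not look like an option: {outfile!r}")
    return [savelayout, "-Tplain", "-o", outfile]


def run_layout(argv: List[str], dot_source: str) -> str:
    """Run the selected program with the graph on stdin and return its stdout."""
    proc = subprocess.run(argv, input=dot_source, capture_output=True,
                          text=True, check=False)
    return proc.stdout


def demo_vulnerable() -> str:
    """Select 'echo' as the 'layout engine'. Nothing Graphviz-related runs;
    echo prints the fixed arguments, which proves the attacker-named program
    executed. A path to a planted script would be run the same way."""
    argv = build_argv_vulnerable("echo", "out.txt")
    return run_layout(argv, "digraph G { a -> b }")   # constructed graph input


def rejected_by_hardened(savelayout: str, outfile: str = "out.txt") -> bool:
    """True when the hardened builder refuses the pair."""
    try:
        build_argv_hardened(savelayout, outfile)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo_vulnerable(), end="")   # "-Tplain -o out.txt": echo ran in place of dot
    print(rejected_by_hardened("echo"), rejected_by_hardened("/tmp/evil.sh"),
          rejected_by_hardened("dot"), rejected_by_hardened("dot", "-oops"))
```

The check to carry over to a real code base is positional: any argv element a caller can influence needs either a closed set of accepted values (argv[0] especially) or, for free-form values such as paths, a guard that it cannot be read as an option by the program receiving it.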