Lucene search
K

93 matches found

OSV
OSV
added 2026/07/02 7:22 p.m.3 views

GHSA-V5FF-XMFP-P245 electerm has Command Injection in File System Operations (rmrf, mv, cp)

Impact A command injection vulnerability exists in electerm's file system operations rmrf, mv, cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: - rmrf - Uses rm...

8.8CVSS6.2AI score0.00072EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.10 views

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

9.4CVSS5.2AI score0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-33229

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.6 Description goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, breaking the...

8.8CVSS5.9AI score0.00439EPSS
Exploits1References6
Talos
Talos
added 2026/02/18 12:0 a.m.13 views

OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability

Talos Vulnerability Report TALOS-2025-2292 OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability February 18, 2026 CVE Number CVE-2025-61982 SUMMARY An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A...

7.8CVSS6.6AI score0.0015EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.152 views

📄 RustFly 2.0.0 Event Manipulation

The remote UI control mechanism of RustFly accepts raw hex-encoded instructions over UDP. Some sequences trigger execution of remote system-level operations. Improper sanitization allows command-level injection. Version 2.0.0 is affected...

9.8CVSS5.8AI score0.02628EPSS
Exploits1
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.16 views

ibaPDA security vulnerabilities

ibaPDA is an industrial process data acquisition and analysis system developed by the German company iba. There is a security vulnerability in ibaPDA, which allows unauthorized operations on the file system under certain conditions. This vulnerability may affect the confidentiality, integrity, or...

10CVSS5.8AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/15 1:1 p.m.27 views

CVE-2026-22909

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations...

7.5CVSS0.0051EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/30 11:19 p.m.6 views

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3CVSS6.8AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2025/10/29 11:16 p.m.8 views

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3CVSS0.00104EPSS
Exploits0References1
CVE
CVE
added 2025/10/29 10:45 p.m.9 views

CVE-2025-54547

CVE-2025-54547 affects Arista DANZ Monitoring Fabric and related platforms where SSH session multiplexing (ControlMaster) is used. The issue allows SSH sessions multiplexed onto the same channel (e.g., scp/sftp) to perform file-system operations after a session timeout, under specific conditions ...

5.3CVSS6.5AI score0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/29 10:45 p.m.9 views

CVE-2025-54547 On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3CVSS0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-5008

Malware in sbrugna...

10CVSS9.3AI score0.0182EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-13092

Malware in sbrugna...

7.9CVSS6.4AI score0.00152EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-0279

Malware in sbrugna...

7.7CVSS7.5AI score0.01168EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-0676

Malware in sbrugna...

6.2CVSS6.4AI score0.01186EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-28503

Malicious code in bioql PyPI...

7.8CVSS8.7AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-41853

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00619EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-31218

Malicious code in bioql PyPI...

7.3CVSS6.7AI score0.00844EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-45860

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00645EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-52442

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01115EPSS
Exploits0References1
Rows per page
Query Builder