6 matches found

GithubExploit
added 2026/05/16 1:10 a.m., 79 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - Marimo Pre-Auth RCE Unauthenticated Remote...

CVSS 9.8, AI score 7.5, EPSS 0.95645
Exploits: 11
Snyk
added 2026/01/29 3:52 p.m., 3 views

Command Injection

Overview: ajenti is a Linux & BSD web admin panel. Affected versions of this package are vulnerable to Command Injection via the /api/terminal/create endpoint. An attacker can execute arbitrary system commands by sending a specially crafted payload after authentication, potentially establishing a...

CVSS 9.8, AI score 6, EPSS 0.00653
Exploits: 0, References: 2
OSV
added 2026/01/13 8:35 p.m., 5 views

GHSA-VXW4-WV6M-9HHH OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Previously reported via email to [email protected] on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received. Summary: OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary...

CVSS 8.8, AI score 7.6, EPSS 0.16955
Exploits: 7, References: 4
OSV
added 2025/08/12 12:13 a.m., 8 views

GHSA-Q355-H244-969H Komari vulnerable to Cross-site WebSocket Hijacking

Summary: WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Details: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go#L33-L35 Any third party website can send request...

CVSS 8.6, AI score 7.7, EPSS 0.00515
Exploits: 0, References: 5
Github Security Blog
added 2025/08/12 12:13 a.m., 13 views

Komari vulnerable to Cross-site WebSocket Hijacking

Summary: WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users. Details: https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go#L33-L35 Any third party website can send request...

AI score 7.7
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2023/11/06 12:0 a.m., 4 views

1E Platform Security Vulnerability

1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in versions prior to 1E Platform v18.1 that stems from a command that fails to properly validate input parameters, allowing specially crafted inputs to execute arbitrary code with system...

CVSS 9.9, AI score 7.8, EPSS 0.00856
Exploits: 0, References: 4