Lucene search
+L

109 matches found

cvelist
cvelist
added 3 days ago33 views

CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
cve
cve
added last week11 views

CVE-2026-15330

CVE-2026-15330 affects zhayujie CowAgent — Vision Tool, specifically the file vision.py, function _build_image_content/_download_to_data_url. The vulnerability arises from manipulating the input image argument, enabling remote SSRF via the Vision Tool component. Attacker could trigger remotely; e...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9
cvelist
cvelist
added 2026/06/28 2:30 p.m.37 views

CVE-2026-13501 antlr ANTLR4 gofmt GoTarget.java GoTarget command injection

A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection. The attack can only be performed fro...

5.3CVSS0.00678EPSS
Exploits0References5
susecve
susecve
added 2026/05/26 2:4 a.m.17 views

SUSE CVE-2018-25356

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References3
euvd
euvd
added 2026/05/23 6:30 p.m.13 views

EUVD-2018-21877

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libimage-exiftool-perl

In ExifTool’s lib/Image/ExifTool.pm, version 12.38 incorrectly handles the $file = /|$/ check, resulting in command injection...

7.8CVSS7.3AI score0.07575EPSS
Exploits5References1
vulnrichment
vulnrichment
added 2026/05/02 9:0 a.m.5 views

CVE-2026-7609 TRENDnet TEW-821DAP Firmware Udpate diagnostic tools_diagnostic os command injection

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function toolsdiagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publish...

6.5CVSS6.2AI score0.04123EPSS
Exploits1References4
cvelist
cvelist
added 2026/04/28 6:10 p.m.34 views

CVE-2026-42427 OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGOBUILDRUSTCWRAPPER, RUSTCWRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and...

5.8CVSS0.00188EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/19 10:6 p.m.6 views

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2026/03/05 12:59 a.m.6 views

acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9), airflow-dbt-python (=2.1.0) +49 more potentially affected by CVE-2026-29790 via dbt-common (>=0.1.6 <=1.33.0)

dbt-common PYPI version =0.1.6, =0.1.7, =0.1.5, =0.21.7, =0.0.1rc1, =0.1.0a1, =1.0.9, =1.8.0, =1.5.2, =1.8.0, =1.8.0, =1.8.15 and more Source cves: CVE-2026-29790 Source advisory: OSV:GHSA-W75W-9QV4-J5XJ...

5.3CVSS5.7AI score0.00262EPSS
Exploits0
cve
cve
added 2026/02/13 10:19 p.m.20 views

CVE-2026-24853

CVE-2026-24853 affects Caido before version 0.55.0. The issue allows bypassing domain-based access controls on the 8080 port by injecting an X-Forwarded-Host header (127.0.0.1:8080). Multiple sources confirm the vulnerability exists in Caido up to 0.54.x and was fixed in 0.55.0. Impact details in...

9.8CVSS5.5AI score0.00272EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/02/05 12:0 a.m.7 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.8AI score0.01945EPSS
Exploits2References10
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.15 views

PT-2026-6187

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.74 Description Claude Code is an agentic coding tool affected by a Bash command validation flaw when parsing ZSH clobber syntax. This flaw allowed bypassing directory restrictions and writing files outside the...

7.7CVSS5.5AI score0.00464EPSS
Exploits0References8
osv
osv
added 2026/01/26 8:16 p.m.10 views

AZL-75527 CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
nessus
nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: gh (CVE-2024-52308)

The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52308 advisory. - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace S...

9.6CVSS7.1AI score0.00861EPSS
Exploits0References2
euvd
euvd
added 2026/01/14 3:6 p.m.8 views

EUVD-2026-2015

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5...

6.3CVSS6.1AI score0.00179EPSS
Exploits1References4
euvd
euvd
added 2025/12/26 6:18 p.m.6 views

EUVD-2025-205454

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...

9.9CVSS6.7AI score0.12685EPSS
Exploits4References3
euvd
euvd
added 2025/12/19 9:5 p.m.6 views

EUVD-2025-204595

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

8.5CVSS6.8AI score0.00135EPSS
Exploits0References4
vulncheck_kev
vulncheck_kev
added 2025/12/19 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-55890

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

6.9CVSS6.5AI score0.01063EPSS
In wildExploits0References63
vulnrichment
vulnrichment
added 2025/12/12 8:36 p.m.5 views

CVE-2025-67634 Software Acquisition Guide Supplier Response Web Tool XSS

The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would...

4.6CVSS5.8AI score0.00162EPSS
Exploits0References3
Rows per page
Query Builder