39 matches found

NVD
added 2026/06/04 3:16 a.m., 9 views

CVE-2026-41011

PackagePersister.validate_tgz builds `"tar -tf #{tgz} 2>&1"`, where `tgz = File.join(release_dir, 'packages', "#{name}.tgz")` and `name = package_meta['name']` comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes it via %x, i.e. /bin/sh -c. No...

CVSS 8.7, EPSS 0.00116
Exploits: 0, References: 1
Positive Technologies
added 2026/05/27 12:00 a.m., 13 views

PT-2026-43702

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smart enumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js chi...

CVSS 8.8, AI score 6, EPSS 0.01852
Exploits: 0, References: 3
OSV
added 2026/03/19 3:30 a.m., 5 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate advisory: this advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original description: OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

CVSS 7.1, AI score 6, EPSS 0.00571
Exploits: 0, References: 5
Vulnrichment
added 2026/03/19 1:00 a.m., 3 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

CVSS 7.1, AI score 6.1, EPSS 0.00571
Exploits: 0, References: 3
CNNVD
added 2026/03/19 12:00 a.m., 11 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 contain an operating system command injection vulnerability. It stems from unsafe handling of cmd metacharacters and expansion-sensitive characters...

CVSS 7.8, AI score 5.8, EPSS 0.00571
Exploits: 0, References: 3
Positive Technologies
added 2026/02/02 12:00 a.m., 9 views

PT-2026-5713

Name of the vulnerable software and affected versions: Signal K Server versions prior to 1.5.0; Signal K Set-System-Time plugin versions prior to 1.5.0. Description: A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...

CVSS 9.9, AI score 6.4, EPSS 0.04163
Exploits: 1, References: 15
RedhatCVE
added 2025/10/31 10:07 p.m., 5 views

CVE-2018-25122

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

CVSS 8.8, AI score 8.6, EPSS 0.01528
Exploits: 0, References: 1
NVD
added 2025/10/30 10:15 p.m., 3 views

CVE-2018-25122

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

CVSS 8.8, EPSS 0.01528
Exploits: 0, References: 2
OSV
added 2025/10/30 10:15 p.m., 3 views

CVE-2018-25122

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

CVSS 8.8, AI score 6.5, EPSS 0.01528
Exploits: 0, References: 2
CVE
added 2025/10/30 9:37 p.m., 9 views

CVE-2018-25122

Nagios XI

CVSS 8.8, AI score 8.2, EPSS 0.01528
Exploits: 0, References: 2, Affected software: 1
Positive Technologies
added 2025/10/30 12:00 a.m., 4 views

PT-2025-44545

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

CVSS 8.8, AI score 8.6, EPSS 0.01528
Exploits: 0, References: 3
OSV
added 2025/09/25 1:34 p.m., 6 views

CVE-2025-59831 `git-commiters` Command Injection vulnerability

git-commiters is a Node.js module that provides committer stats for a git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. The vulnerability manifests in the library's primary exported API, `gitCommiters(options, callback)`, which allows...

CVSS 8.7, AI score 7.7, EPSS 0.0228
Exploits: 1, References: 4
Veracode
added 2025/09/17 7:17 a.m., 9 views

OS Command Injection

@wong2/mcp-cli is vulnerable to OS command injection. The vulnerability is due to unsafe command construction/execution because redirectToAuthorization in /src/oauth/provider.js uses attacker-controlled input in an OS command context, allowing remote command execution...

CVSS 8.1, AI score 5.9, EPSS 0.05236
Exploits: 1, References: 8, Affected software: 1
OSV
added 2025/09/10 7:48 p.m., 7 views

GHSA-R4H8-HFP2-GGMF Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary: It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. Details: The vulnerability exists in the middleware management API endpoin...

CVSS 9.8, AI score 9.5, EPSS 0.10543
Exploits: 7, References: 9
EUVD
added 2025/09/10 7:48 p.m., 14 views

EUVD-2025-27608

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation...

CVSS 9.8, AI score 6.8, EPSS 0.10543
Exploits: 7, References: 8
Cvelist
added 2025/09/10 6:41 p.m., 40 views

CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...

CVSS 9.8, EPSS 0.10543
Exploits: 7, References: 6
Veracode
added 2025/07/23 7:15 a.m., 6 views

Command Injection

Thor is vulnerable to Command Injection. The vulnerability is due to unsafe command construction caused by the library forming shell commands directly from user-controlled input...

CVSS 2.8, AI score 6.4, EPSS 0.00155
Exploits: 0, References: 7, Affected software: 1
BDU FSTEC
added 2025/05/23 12:00 a.m., 7 views

A vulnerability in the setNoticeCfg function of the Totolink-A810R router firmware allows an attacker to execute arbitrary commands or cause a denial of service.

The vulnerability in the setNoticeCfg function of the Totolink-A810R router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVSS 10, AI score 5.8, EPSS 0.10282
Exploits: 1, References: 4, Affected software: 1
OSV
added 2025/05/15 4:10 p.m., 7 views

GHSA-G5MQ-PRX7-C588 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

Summary: Using a constructed camera device path with the config/add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute arbitrary UNIX shell code in a non-interactive shell as the user running the motionEye instance (motion by default). Function call stack...

CVSS 9.3, AI score 7.2, EPSS 0.00407
Exploits: 0, References: 6
BDU FSTEC
added 2024/09/09 12:00 a.m., 6 views

A vulnerability in the D-Link DIR-846W router firmware exists because special elements used in operating system commands are not neutralized. This allows attackers to execute arbitrary code.

The vulnerability in the D-Link DIR-846W router firmware is caused by a failure to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the...

CVSS 10, AI score 6, EPSS 0.02031
Exploits: 0, References: 4