
72 matches found

RedhatCVE
added 2026/05/23 8:12 a.m. | 22 views

CVE-2026-9101

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits 0 | References 1

Cvelist
added 2026/05/20 4:18 p.m. | 40 views

CVE-2026-9101 Prototype pollution in csv parsing

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | EPSS 0.00411
Exploits 0 | References 1

ATTACKERKB
added 2026/05/20 4:18 p.m. | 11 views

CVE-2026-9101

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/05/20 4:18 p.m. | 11 views

EUVD-2026-31127

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits 0 | References 1

Vulnrichment
added 2026/05/20 4:18 p.m. | 8 views

CVE-2026-9101 Prototype pollution in csv parsing

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVSS 5.3 | AI score 5.8 | EPSS 0.00411
Exploits 0 | References 1

Packet Storm
added 2026/03/26 12:0 a.m. | 180 views

pdf-image 2.0.0 Command Injection

pdf-image through version 2.0.0 allows OS command injection via the pdfFilePath argument. The package builds shell command strings with util.format and executes them with child_process.exec. If an application passes an attacker-controlled file path into PDFImage, shell metacharacters in that path...

CVSS 9.8 | AI score 6 | EPSS 0.02493
Exploits 4

CNVD
added 2026/03/19 12:0 a.m. | 1 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15148)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...

CVSS 7.8 | AI score 5.9 | EPSS 0.00095
Exploits 0 | References 1

EUVD
added 2026/03/16 3:30 p.m. | 3 views

EUVD-2025-208735

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...

CVSS 4.7 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 2

NVD
added 2026/03/16 3:16 p.m. | 3 views

CVE-2025-52643

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...

CVSS 7.8 | EPSS 0.00095
Exploits 0 | References 1

Positive Technologies
added 2026/03/16 12:0 a.m. | 5 views

PT-2026-25748

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...

CVSS 4.7 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 2

CNNVD
added 2026/03/16 12:0 a.m. | 7 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...

CVSS 7.8 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 1

RedhatCVE
added 2025/12/24 12:2 p.m. | 3 views

CVE-2025-12495

A flaw was found in OpenEXR, a library for handling High Dynamic Range (HDR) image files. This heap-based buffer overflow vulnerability allows a remote attacker to execute arbitrary code on a user's system. This occurs when a user is tricked into opening a specially crafted EXR file, exploiting a...

CVSS 7.8 | AI score 7.7 | EPSS 0.00158
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-1808

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.02056
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-33550

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.6 | EPSS 0.00271
Exploits 0 | References 2

NVD
added 2025/09/02 7:15 p.m. | 4 views

CVE-2025-57776

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

CVSS 8.5 | EPSS 0.00254
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:57 p.m. | 7 views

CVE-2022-3374

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVSS 7.2 | AI score 6.7 | EPSS 0.01126
Exploits 2 | References 1

Packet Storm
added 2025/02/28 12:0 a.m. | 399 views

Ollama 0.5.11 Code Execution

Ollama version 0.5.11 suffers from a code execution vulnerability. Title: Ollama 0.5.11 Code Injection Vulnerability | Author: indoushka | Tested o...

AI score 7.9
Exploits 0

RedhatCVE
added 2025/02/18 6:24 p.m. | 10 views

CVE-2024-45774

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...

CVSS 6.7 | AI score 6.2 | EPSS 0.00243
Exploits 0 | References 4

RedhatCVE
added 2025/02/06 12:49 a.m. | 6 views

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

CVSS 8.8 | AI score 7 | EPSS 0.02809
Exploits 1 | References 1

OSV
added 2025/01/16 9:49 p.m. | 9 views

GO-2025-3400 Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in github.com/t2bot/matrix-media-repo

Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in github.com/t2bot/matrix-media-repo...

CVSS 6.8 | AI score 6.8 | EPSS 0.00618
Exploits 0 | References 2