Lucene search
K

9 matches found

NVD
NVD
added 2026/06/26 6:16 p.m.10 views

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS0.00685EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:51 p.m.8 views

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS6AI score0.00685EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 4:51 p.m.38 views

CVE-2026-33646

CVE-2026-33646 affects Mise: prior to 2026.3.10, Processed .tool-versions with Tera where exec() is registered, allowing arbitrary code execution when a malicious .tool-versions file is parsed during shell CD hooks. Unlike .mise.toml, .tool-versions is not trusted in non-paranoid mode, so an atta...

9.6CVSS6AI score0.00685EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:47 p.m.8 views

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 6:13 p.m.4 views

GHSA-F94H-J2QG-FXW3 mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 3:2 p.m.26 views

CVE-2026-33727 Pi-hole has a Local Privilege Escalation (post-compromise, pihole -> root).

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

6.4CVSS0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 3:46 a.m.14 views

CVE-2024-33529

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types...

7.2CVSS7.2AI score0.00901EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2005/08/14 12:0 a.m.34 views

gforgeexec.txt

-------------------------------------------------------------------------- Vendor : Gforge http://gforge.org Product : gforge Affected versions : = 4.0 & Debian pkg 3.1-30 Vulnerability : Input validation flaw Problem-Type : remote Severity : High, arbitrary command execution Author : Filippo Spi...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/01/29 5:0 a.m.24 views

CVE-2005-0071

vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files...

6.3AI score0.01372EPSS
Exploits0References7
Rows per page
Query Builder