Lucene search
K

2865 matches found

Snyk
Snyk
added 5 days ago3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation Upgrade...

8.3CVSS7.2AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 5 days ago10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS0.00148EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42505

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 6 days ago5 views

CVE-2026-47829 - Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | Cloud Foundry

High CVSSv4: High 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description Argume...

8.3CVSS6.2AI score0.00293EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:27 p.m.10 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS5.8AI score0.00169EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 9:27 p.m.7 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 9:27 p.m.38 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

Dräger Zeus IE和Dräger Zeus RS C500 安全漏洞

Both Dräger Zeus IE and Dräger Zeus RS C500 are intelligent anesthesia workstations produced by the German company Dräger. Both devices have security vulnerabilities; these vulnerabilities stem from local security issues, which may allow unauthorized individuals to manipulate the software’s...

7CVSS5.4AI score0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

2CVSS5.8AI score0.00219EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/08 7:50 p.m.2 views

CVE-2026-39862 Tophat has a Command Injection Vulnerability When Accessing a Maliciously Crafted Tophat Link

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

8.7CVSS6.7AI score0.00555EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.10 views

VMware Workstation 17.x, 25H2 < 25H2u1 NULL Pointer Dereference (VMSA-2026-0002)

The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by a vulnerability: - A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error...

6.1CVSS5.9AI score0.00148EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.5 views

CVE-2026-2273

CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...

7.2CVSS6AI score0.00227EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/17 12:0 a.m.4 views

Schneider Electric EcoStruxure Automation Expert Code Injection Vulnerability

Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...

7.2CVSS5.5AI score0.00227EPSS
Exploits0
CNVD
CNVD
added 2026/03/17 12:0 a.m.5 views

Schneider Electric EcoStruxure Foxboro DCS Code Issue Vulnerability

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...

7CVSS5.9AI score0.00315EPSS
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2025-208693

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:17 p.m.3 views

CVE-2025-15554

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

7.8CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 10:46 a.m.27 views

CVE-2025-15554 Admin Passwords Cached by Browsers in Truesec LAPSWebUI

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

6CVSS0.00145EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/16 12:0 a.m.6 views

(Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

8.2CVSS6.2AI score0.00393EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10571

CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...

7.2CVSS5.9AI score0.00227EPSS
Exploits0References2
Rows per page
Query Builder