Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-61447 1 Praison 1 Praisonai 2026-07-13 10 Critical
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.
CVE-2026-41880 1 R-soft Serwis 1 Dms 2026-07-13 N/A
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to trigger the OCR functionality for the uploaded file can execute OS commands within the context of a root user. This issue was fixed in version v3.19-2862 and v3.17-2580.
CVE-2026-4769 1 Wago 9 0765-110x/0100-0000, 0765-120x/0100-0000, 0765-150x/0100-0000 and 6 more 2026-07-13 9.8 Critical
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
CVE-2026-22093 1 Evbee 1 Evbee Service 2026-07-13 N/A
The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations. This issue affects EVbee Service: v1.4.101.00.
CVE-2026-22095 1 Evbee 1 Dc-80 2026-07-13 N/A
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection.
CVE-2026-22096 1 Evbee 1 Dc-80 2026-07-13 N/A
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.
CVE-2026-22102 1 Evbee 1 Dc-80 2026-07-13 N/A
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or remote-code-execution by overwriting shell-scripts which execution can be triggered through other means.
CVE-2026-22097 1 Evbee 1 Dc-80 2026-07-13 N/A
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution.
CVE-2026-22098 1 Evbee 1 Dc-80 2026-07-13 N/A
Various sensitive information such as passwords and charging card UIDs are written to log files.
CVE-2026-22103 1 Evbee 1 Dc-80 2026-07-13 N/A
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection.
CVE-2026-13014 1 Thalesgroup 1 Cert Suspicious 2026-07-13 N/A
A vulnerability in Thales CERT "Suspicious" application =< 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent denial of service, the potential compromise of application secrets or integrations, and root-level execution inside the Django application container. This vulnerability has been names "Matryoshka Mail". Thales PSIRT acknowledges and thanks Lucien Doustaly (aka wlayzz) for discovering and reporting this issue.
CVE-2026-14934 2 Google, Google Cloud 3 Cloud Platform, Bigquery, Colab Enterprise 2026-07-13 N/A
A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. This vulnerability was patched on 10 May 2026, and no customer action is needed.
CVE-2026-60121 1 Vitec 1 Flamingo 2026-07-13 9.8 Critical
Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/ping.php endpoint that allows remote attackers to execute arbitrary commands by exploiting a double-evaluation flaw in shell argument handling. The endpoint applies escapeshellarg() to the user-supplied host POST parameter before passing it to a system wrapper, but the wrapper retrieves the decoded value from argv and incorporates it into a second shell_exec() call without escaping, allowing injected commands to execute with root privileges via passwordless sudo.
CVE-2026-12257 1 Murasoftware 1 Mura Cms 2026-07-13 N/A
Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the “method” parameter in POST requests is not properly validated or sanitised before being processed by the ColdFusion engine. As a result, a remote attacker could exploit this vulnerability to inject and execute arbitrary CFML (ColdFusion Markup Language) expressions and instantiate malicious Java objects, thereby compromising the system’s security.
CVE-2026-61444 1 Praison 1 Praisonai 2026-07-10 9.1 Critical
PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen().
CVE-2026-58492 1 Getgrav 1 Grav 2026-07-10 N/A
grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin or developer code to execute arbitrary SQL against the configured database. This issue is fixed in version 1.2.0.
CVE-2026-48939 1 Icagenda.com 1 Icagenda Extension For Joomla 2026-07-10 N/A
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
CVE-2026-56291 1 Balbooa.com 1 Balbooa.com Balbooa Forms Extension For Joomla 2026-07-10 N/A
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-56765 1 Vikunja 1 Vikunja 2026-07-10 9.8 Critical
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide.
CVE-2026-54760 1 Langroid 1 Langroid 2026-07-10 N/A
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlglot` SELECT-only statement allowlist. The blocklist entries that target callable functions require the function name to be immediately followed by `\s*\(`. PostgreSQL accepts the same call with the name separated from `(` by a quoted identifier, an inline comment, or schema qualification. These forms evade the regex, still parse as `SELECT`, and execute the same PostgreSQL function. This restores the `pg_read_file` server-side file-read primitive that the prior CVE-2026-25879 / GHSA-pmch-g965-grmr fix was meant to block: the parent advisory fixed a missing `pg_read_file` blocklist entry, while this report shows that the added regex is bypassable. Version 0.65.1 fixes the issue.