CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-8666
High

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

CVE-2026-8665
High

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

CVE-2026-8664
Medium

The Finger plugin for Rapid7 InsightConnect on Linux contains an OS Command Injection vulnerability. An authenticated attacker can execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

CVE-2026-8660
High

The Ping plugin for Rapid7 InsightConnect on Linux is vulnerable to OS command injection. Remote attackers can execute arbitrary commands via the host parameter due to insufficient input validation when constructing shell commands.

CVE-2026-8592
High

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

CVE-2026-9155
HighEPSS 56%

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

CVE-2026-9154
High

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.

CVE-2026-9153
Medium

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

CVE-2026-57589
High

In the OpenBSD kernel up to version 7.9, a use-after-free vulnerability exists in sys/kern/sysv_sem.c, allowing local privilege escalation to root. The issue occurs after a context switch following the tsleep call in sys_semget().

CVE-2026-9787
HighEPSS 69%

A vulnerability in Quest NetVault Backup allows remote code execution via command injection in the NVBULogDaemon process. The issue stems from improper validation of user-supplied data before using it in a system call, allowing an attacker to execute code in the SYSTEM context. Authentication is required, but the existing authentication mechanism can be bypassed.

CVE-2026-9786
High

SQL Injection vulnerability in the NVBUDashboard component of Quest NetVault Backup allows remote code execution. The flaw results from improper validation of user-supplied data before using it in SQL queries, enabling an attacker to execute code in the context of the NETWORK SERVICE account. Authentication is required but the existing authentication mechanism can be bypassed.

CVE-2026-9785
High

A vulnerability in Quest NetVault Backup allows remote code execution via SQL injection in the NVBULibrarySlot component. Authentication is required but can be bypassed. The flaw stems from improper validation of user-supplied data used in SQL queries.

CVE-2026-9784
High

A vulnerability in Quest NetVault Backup allows remote code execution via SQL injection in the NVBULibraryPort component. Authentication is required but can be bypassed.

CVE-2026-9783
High

SQL Injection vulnerability in the NVBURemovableMedia component of Quest NetVault Backup allows remote attackers to execute arbitrary code. The flaw stems from improper validation of user-supplied data before using it in SQL queries, and the existing authentication mechanism can be bypassed.

CVE-2026-9782
High

SQL Injection vulnerability in Quest NetVault Backup allows remote code execution. The flaw exists in the NVBUDeviceDrive component during JSON-RPC message processing, where lack of user input validation leads to SQL injection. Authentication is required but can be bypassed.

CVE-2026-9781
High

A vulnerability in Quest NetVault Backup allows remote code execution via SQL injection in the NVBURASDevice component. Authentication is required but can be bypassed.

CVE-2026-9780
High

A vulnerability in Quest NetVault Backup's addclient3 component allows an attacker to bypass authentication via script injection. User interaction is required, as the target must visit a malicious page or open a malicious file.

CVE-2026-8663
Medium

The RPM plugin for Rapid7 InsightConnect on Linux contains an OS command injection vulnerability. An authenticated attacker can execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization.

CVE-2026-8659
Medium

The SQLmap plugin for Rapid7 InsightConnect on Linux contains an OS command injection vulnerability. Authenticated attackers can execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

CVE-2026-7570
High

A vulnerability in Quest NetVault Backup allows remote code execution via SQL injection in the NVBUDashboard component. Authentication is required but can be bypassed. The issue stems from improper validation of user-supplied data before use in SQL queries.

PreviousPage 195 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS