CVE-2026-53855

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers outside...

Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload

This module bypasses authentication failure, extension blacklist, and path traversal vulnerabilities in the /editor/elfinder/php/connector.php endpoint to upload and execute a shell in Xerte Online Toolkits versions 3.15 commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as there's no patch versions...

CVE-2026-53866

OpenClaw vulnerable before version 2026.5.12 due to an allowlist bypass in shell inline-command parsing. Affected: authenticated operators could cause unapproved commands to execute because a parser case omits the expected allowlist decision. The issue is tied to the shell inline-command handling...

CVE-2026-53855

OpenClaw prior to 2026.4.2 is vulnerable to an inline-eval bypass through shell positional parameters, allowing authenticated operators to weaken strict allowlist checks. Attackers can combine allowlisted tools with shell positional arguments to inject inline-eval content into shell carriers that...

CVE-2026-12398

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

CVE-2026-12398

The CVE-2026-12398 entry describes a command-injection in galaxy_ng via the legacy role import API (v1) do_git_checkout(), where unsanitized git ref names are interpolated into shell commands executed with subprocess.run(shell=True). An authenticated user controlling a git repo can craft branch/t...

CVE-2026-40750

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

BIT-MARIADB-MIN-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

BIT-MARIADB-MIN-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

BIT-MARIADB-MIN-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

BIT-MARIADB-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

BIT-MARIADB-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

BIT-MARIADB-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

EUVD-2026-37065

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

CVE-2026-40750

CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...

Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection

Sunhillo SureLine 8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request...

Apache Spark UI - Remote Command Injection

Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...