
27 matches found

Vulnrichment
added 2026/04/17 8:25 p.m. | 2 views

CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5 CVSS | 6.2 AI score | 0.00915 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2026/01/16 12:27 a.m. | 4 views

SUSE CVE-2025-68818

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path". This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to qla2x00abortallcmds to call sp->done without...

5.5 CVSS | 6.6 AI score | 0.00173 EPSS
Exploits: 0 | References: 12

EUVD
added 2025/10/29 9:30 p.m. | 3 views

EUVD-2025-36708

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 7.5 AI score | 0.02633 EPSS
Exploits: 0 | References: 3

OSV
added 2025/10/29 8:15 p.m. | 2 views

CVE-2025-11202

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 8.1 AI score
Exploits: 0 | References: 2

CVE
added 2025/10/29 7:36 p.m. | 16 views

CVE-2025-11202

CVE-2025-11202 relates to win-cli-mcp-server. The issue is in the resolveCommandPath function where a user-supplied string is used to invoke a system call without proper validation, enabling a remote command execution (RCE). The exploit is unauthenticated and would execute code in the service acc...

9.8 CVSS | 9.6 AI score | 0.02633 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/29 7:36 p.m. | 1 views

CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

9.8 CVSS | 7.7 AI score | 0.02633 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/10/29 12:0 a.m. | 3 views

Windows CLI MCP Server Operating System Command Injection Vulnerability

Windows CLI MCP Server is a context protocol server from individual developer Simon Benedict. An operating system command injection vulnerability exists in Windows CLI MCP Server that stems from the resolveCommandPath method not properly validating a user input string, which could lead to remote...

9.8 CVSS | 9.8 AI score | 0.02633 EPSS
Exploits: 0 | References: 2

VulnCheck KEV
added 2025/10/09 12:0 a.m. | 13 views

VulnCheck KEV: CVE-2022-37129

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection...

8.8 CVSS | 5.8 AI score | 0.08347 EPSS
In wild | Exploits: 1 | References: 3

Positive Technologies
added 2025/10/03 12:0 a.m. | 3 views

PT-2025-40609

Name of the Vulnerable Software and Affected Versions: win-cli-mcp-server (affected versions not specified)
Description: The software contains a command injection flaw within the resolveCommandPath function. This allows for remote code execution. The issue was discovered by Peter Girnus of Trend...

8.2 AI score | 0.02633 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/05/13 12:0 a.m. | 4 views

Rebuild Security Vulnerability

Rebuild is an open-source, highly customizable enterprise management system from getrebuild. A security vulnerability exists in Rebuild v3.9.0 through v3.9.3, which stems from an SQL injection in the /admin/admin-cli/exec component...

9.8 CVSS | 7.7 AI score | 0.00377 EPSS
Exploits: 1 | References: 3

OSV
added 2024/03/20 6:15 p.m. | 2 views

CVE-2024-2708

A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...

8.8 CVSS | 6.3 AI score | 0.0148 EPSS
Exploits: 1 | References: 3

VulnCheck KEV
added 2024/01/03 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

9 CVSS | 7.4 AI score | 0.39181 EPSS
Exploits: 2 | References: 1

BDU FSTEC
added 2023/03/11 12:0 a.m. | 4 views

The vulnerability of the set_cmnd_path() function in the Sudo system administration program, which allows a hacker to cause a service failure.

The vulnerability of the set_cmnd_path() function in the Sudo system administration program is related to the repeated release of memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.8 AI score | 0.01664 EPSS
Exploits: 1 | References: 11 | Affected Software: 4

Microsoft CVE
added 2022/08/16 7:0 a.m. | 3 views

Empty Cmd.Path can trigger unintended binary in os/exec on Windows

...

7.8 CVSS | 6.8 AI score | 0.00578 EPSS
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 40 views

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1140
Release Date: 2013-11-20
Vulnerability Laboratory ID (VL-ID): ...

0.3 AI score
Exploits: 0

Packet Storm
added 2013/11/19 12:0 a.m. | 49 views

Appologics AirBeam 1.9.2 Code Execution / XSS

Document Title: Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1140
Release Date: 2013-11-20
Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2013/11/19 12:0 a.m. | 44 views

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1140
Release Date: 2013-11-19
Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2013/11/19 12:0 a.m. | 34 views

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1140
Release Date: 2013-11-19
Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2013/08/03 12:0 a.m. | 27 views

FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities

Document Title: FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1041
Release Date: 2013-08-03
Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m. | 65 views

Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability

Title: Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability
Date: 2013-06-11
References: http://www.vulnerability-lab.com/getcontent.php?id=970
VL-ID: 970
Common Vulnerability Scoring System: 3.5
Introduction:...

7.4 AI score
Exploits: 0