PT-2026-2441

Name of the Vulnerable Software and Affected Versions Eclipse Che versions affected versions not specified Description A flaw exists in Eclipse Che che-machine-exec that permits unauthenticated remote arbitrary command execution and secret exfiltration, including SSH keys and tokens, from other...

Eclipse Che 访问控制错误漏洞

Eclipse Che is a set of Java-based open source online integrated development environments IDEs from the Eclipse Foundation. An access control error vulnerability exists in Eclipse Che che-machine-exec, which originates from an unauthenticated remote attacker who can execute arbitrary commands and...

MiracleLinux 9 : go-rpm-macros-3.6.0-12.el9_7 (AXSA:2025-11118:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11118:03 advisory. os/exec: Unexpected paths returned from LookPath in os/exec CVE-2025-47906 Tenable has extracted the preceding description block directly from the...

CLSA-2026-1767970357 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

CVE-2022-31845

A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31308

A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31309

A vulnerability in livecheck.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CLSA-2026-1767950193 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...

CVE-2023-40582

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

CVE-2017-20216

CVE-2017-20216 concerns FLIR Thermal Camera PT-Series firmware 8.0.0.64, where multiple unauthenticated remote command injection vulnerabilities exist in the controllerFlirSystem.php script. The root cause is unsanitized POST parameters in the execFlirSystem() function leading to shell_exec() cal...

CVE-1999-0080

Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...

PT-2026-1825

Name of the Vulnerable Software and Affected Versions sonirico mcp-shell version 0.3.1 Description A command injection issue exists in the shell exec function. An attacker can execute arbitrary commands by providing a specially crafted command string. The issue affects the shell exec function...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000447)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000447 advisory. A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because execid in include/linux/sched.h is only 32 bits, an...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...