25088 matches found

Vulnrichment
added 2026/05/08 12:00 a.m., 8 views

CVE-2022-26522

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3...

AI score 7.8, EPSS 0.00217
Exploits 0, References 2

Positive Technologies
added 2026/05/08 12:00 a.m., 10 views

PT-2026-38911

Name of the Vulnerable Software and Affected Versions: Universal Robots PolyScope versions prior to 5.25.1. Description: OS command injection in the Dashboard Server interface allows an unauthenticated attacker with network access to the Dashboard Server port to craft commands that execute arbitrary...

CVSS 9.8, AI score 6.2, EPSS 0.01829
Exploits 0, References 22

Positive Technologies
added 2026/05/08 12:00 a.m., 6 views

PT-2026-38796

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

CVSS 8.8, AI score 6.1, EPSS 0.03609
Exploits 0, References 18

Tenable Nessus
added 2026/05/08 12:00 a.m., 4 views

Mozilla Thunderbird < 150.0.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 150.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-43 advisory. - Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory...

CVSS 8.1, AI score 6, EPSS 0.00377
Exploits 0, References 4

OPENSUSE Linux
added 2026/05/08 12:00 a.m., 7 views

Security update for openCryptoki (moderate)

openSUSE security update: security update for opencryptoki
Announcement ID: openSUSE-SU-2026:20699-1
Rating: moderate
References: bsc1262283 bsc1263819
Cross-References: CVE-2026-40253
Affected Products: openSUSE Leap 16.0...

CVSS 6.8, AI score 5.9, EPSS 0.0016
Exploits 1, References 2

Photon
added 2026/05/08 12:00 a.m., 10 views

Important Photon OS Security Update - PHSA-2026-5.0-0843

Updates of 'expat' packages of Photon OS have been released...

CVSS 7.5, AI score 5.8, EPSS 0.00379
Exploits 0

CVE
added 2026/05/08 12:00 a.m., 51 views

CVE-2025-67888

Control Web Panel (CWP) before 0.9.8.1209 is affected by an unauthenticated OS command injection flaw. User input passed in the GET parameter “key” to /admin/index.php (when the “api” parameter is set) is not properly sanitized, allowing an attacker to inject and execute arbitrary commands with r...

CVSS 7.3, AI score 6.1, EPSS 0.01186
Exploits 3, References 3

NVD
added 2026/05/07 10:16 p.m., 15 views

CVE-2026-8112

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 8.8, EPSS 0.02941
Exploits 1, References 7

Vulnrichment
added 2026/05/07 9:00 p.m., 7 views

CVE-2026-8112 8421bit MiniClaw kernel.ts executeCognitivePulse os command injection

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5, AI score 6.2, EPSS 0.02941
Exploits 1, References 7

Patchstack
added 2026/05/07 3:38 p.m., 9 views

NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js vulnerability discovered by ? in WordPress Npm node-ts-ocr versions 1.0.15...

CVSS 8.8, AI score 5.8, EPSS 0.01185
Exploits 0, References 4, Affected Software 1

EUVD
added 2026/05/07 3:38 p.m., 7 views

EUVD-2025-209722

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

AI score 5.8, EPSS 0.01185
Exploits 0, References 3

GithubExploit
added 2026/05/07 2:40 p.m., 73 views

Exploit for OS Command Injection in Exim

No d...

CVSS 10, AI score 7.5, EPSS 0.99961
Exploits 27

Vulnrichment
added 2026/05/07 1:09 p.m., 5 views

CVE-2026-41685 Incus: Unbounded binary import disk exhaustion

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amounts of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.images_volume and...

CVSS 4.3, AI score 5.7, EPSS 0.00333
Exploits 1, References 2

EUVD
added 2026/05/07 12:31 p.m., 10 views

EUVD-2026-28346

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection (SSTI) for user-created transformations...

CVSS 10, AI score 6, EPSS 0.0023
Exploits 0, References 2

NVD
added 2026/05/07 11:16 a.m., 9 views

CVE-2026-33587

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection (SSTI) for user-created transformations...

CVSS 10, EPSS 0.0023
Exploits 0, References 1

ATTACKERKB
added 2026/05/07 10:22 a.m., 7 views

CVE-2026-33587

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code and subsequently OS commands on the docker container via Server-Side Template Injection (SSTI) for user-created transformations...

CVSS 9.2, AI score 6, EPSS 0.0023
Exploits 0, References 2

CVE
added 2026/05/07 7:08 a.m., 16 views

CVE-2025-9661

Summary: CVE-2025-9661: OS command injection in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28. Affected products/versions: Hitachi VSP One Block 23, 24, 26 and 28 (before DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00). Vulnerability: OS command in...

CVSS 9.8, AI score 5.8, EPSS 0.009
Exploits 0, References 1, Affected Software 1

Patchstack
added 2026/05/07 5:13 a.m., 7 views

NPM: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

NPM: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.0...

CVSS 9.1, AI score 6.2, EPSS 0.00831
Exploits 1, References 5, Affected Software 1

Chainguard
added 2026/05/07 1:17 a.m., 8 views

GHSA-F2WH-GRMH-R6JM vulnerabilities

Vulnerabilities for packages: apache-hop, apache-hop-fips, jenkins, apache-nifi...

AI score 5.8
Exploits 0

CVE
added 2026/05/07 12:00 a.m., 12 views

CVE-2025-63705

The CVE-2025-63705 entry concerns the NPM package node-ts-ocr version 1.0.15, with a reported OS Command Injection via the invokeImageOcr function in src/index.js. The vulnerability is described as enabling arbitrary command execution with a network attack vector, as indicated by the CVSS 3.1 met...

CVSS 8.8, AI score 5.8, EPSS 0.01185
Exploits 0, References 2