Astra Linux – Vulnerability in PostgreSQL 11
A flaw was discovered in the psql interactive terminal of PostgreSQL in versions prior to 13.1, prior to 12.5, prior to 11.10, prior to 10.15, prior to 9.6.20, and prior to 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary cod...
Astra Linux – Vulnerability in WebKit2GTK
A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in WebKit2GTK
There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may result in address bar spoofing...
Astra Linux – Vulnerability in Chromium
Before version 87.0.4280.88, a use-after-free in media in Google Chrome on OS X allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2, and iPadOS 17.2, as well as macOS Sonoma 14.2. Processing web content may result in a denial-of-service...
Astra Linux – Vulnerability in linux-5.15
A bug affects the ksmbd NTLMv2 authentication of the Linux kernel, and it is known to cause the operating system to crash immediately in Linux-based systems...
Astra Linux – Vulnerability in open-iscsi
An issue was discovered in Contiki through version 3.0. An integer overflow exists in the uIP TCP/IP stack component when parsing TCP MSS options for IPv4 network packets in the uipprocess function in net/ipv4/uip.c...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved UI handling. This issue is fixed in iOS 16.2, iPadOS 16.2, and macOS Ventura 13.1. Visiting a website that contains malicious content may lead to UI spoofing...
EUVD-2026-26836
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...
PT-2026-38684
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0435. Description: An OS command injection issue exists in the :find command-line completion. When the path option contains shell commands enclosed in backticks, these commands are executed during file name completion...
EUVD-2026-26800
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-7608
TRENDnet TEW-821DAP (firmware up to 1.12B01) is affected by a vulnerability in the tools_diagnostic function that allows OS command injection. Public exploit exists. The vendor notes the hardware version is v1.xR and that the product is EOL and no longer sold, with the vulnerability affecting onl...
GHSA-WF66-MPHR-4C4R vulnerabilities
Vulnerabilities for packages: knative-kafka-broker, wildfly, strimzi-kafka-operator, strimzi-kafka-operator-fips, knative-kafka-broker-fips, opensearch, seata, druid...
GHSA-GC8W-X73W-P4RH yii2-mcp-server has a Command Injection Issue
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
yii2-mcp-server has a Command Injection Issue
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
CVE-2026-7600
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
Yii2 MCP Server Command Injection Vulnerability
Yii2 MCP Server is a database and project management tool developed by Arthur Minasyan for the Yii2 framework. Version 1.0.2 of Yii2 MCP Server contains a command injection vulnerability. This vulnerability stems from improper handling of the yiicommandhelp/yiiexecutecommand function in the MCP...
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...