25092 matches found
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-31728
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop. A race condition between gether_disconnect and eth_stop leads to a NULL pointer dereference. Specifically, if eth_stop is triggered concurrently while gether_disconne...
Bitwarden CLI OS Command Injection Vulnerability
Bitwarden CLI is a command-line password management tool provided by Bitwarden Corporation. Version 2026.4.0 of Bitwarden CLI contains a vulnerability related to operating system command injection, which stems from the embedding of malicious code when retrieving it via npm...
Kompany MCP Server Command Injection Vulnerability
Kompany MCP Server is a collaboration tool for Eyal Individual Developers that connects an AI assistant to a task management platform. Kompany MCP Server suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter devscript in the file...
Curl 8.17.0 < 8.20.0 OCSP Stapling Bypass
The version of curl installed on the remote host is 8.17.0 prior to 8.20.0. It is, therefore, affected by an OCSP stapling bypass vulnerability: - When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is...
Important Photon OS Security Update - PHSA-2026-5.0-0840
Updates of 'python3-pip' packages of Photon OS have been released...
Wireshark 2.2.x < 2.2.2 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.2 advisory. - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory...
Wireshark 4.6.x < 4.6.5 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.5 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7461
CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...
CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
ctf-scripts
CTF Scripts A collection of automation scripts and exploit templates...
CVE-2026-7246
Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...
K000161051: WebKitGTK vulnerability CVE-2026-20652
Security Advisory Description The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. CVE-2026-20652 Impact There...
CVE-2026-7446 VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
EUVD-2026-26302
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...
OpenHarness OS Command Injection Vulnerability
OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open-source in nature. OpenHarness has a vulnerability related to operating system command injection. This vulnerability stems from the /bridge slash command, which poses a risk of remote code execution,...
Apple Security Advisory 04-22-2026-1
Apple Security Advisory 04-22-2026-1 - iOS 26.4.2 and iPadOS 26.4.2 address a logging issue with improved data redaction...
PT-2026-36098
Name of the Vulnerable Software and Affected Versions Pallets Click versions 8.3.2 and earlier Description A command injection issue exists in the click.edit function, which allows an unprivileged account to execute arbitrary operating system commands. Recommendations Update to a version later th...
Important Photon OS Security Update - PHSA-2026-5.0-0838
Updates of 'curl' packages of Photon OS have been released...