25099 matches found

Vulnrichment
added 2026/04/02 8:59 a.m. | 1 view

CVE-2026-33613 MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...

CVSS 7.2 | AI score 6 | EPSS 0.005
Exploits 0 | References 2
CVE
added 2026/04/02 8:59 a.m. | 12 views

CVE-2026-33613

CVE-2026-33613 concerns MB Connect Line mbCONNECT24 with a remote code execution in the generateSrpArray function caused by improper neutralisation of special elements in an OS command. The vulnerability allows an attacker to achieve full system compromise, but only if there is another path to wr...

CVSS 8.8 | AI score 6 | EPSS 0.005
Exploits 0 | References 2 | Affected Software 2
CNNVD
added 2026/04/02 12:00 a.m. | 3 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.1 had a security vulnerability caused by a state management issue. This vulnerability could allow attackers with physical access to input keyboard events int...

CVSS 7.5 | AI score 5.8 | EPSS 0.0034
Exploits 0 | References 1
Positive Technologies
added 2026/04/02 12:00 a.m. | 6 views

PT-2026-29806

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn connect of the file /setup.cgi. Executing a manipulation of the argument policy name can lead to os command injection. The attack can be executed remotely. The exploit has been published and ma...

CVSS 6.5 | AI score 6.4 | EPSS 0.04778
Exploits 1 | References 5
CNNVD
added 2026/04/02 12:00 a.m. | 6 views

Progress Flowmon OS Command Injection Vulnerability

Progress Flowmon is a real-time network traffic monitoring tool developed by Progress Corporation. Versions of Progress Flowmon prior to 12.5.8 contained an operating system command injection vulnerability. This vulnerability stemmed from requests created by authenticated, low-privilege users...

CVSS 8.8 | AI score 5.8 | EPSS 0.0042
Exploits 0 | References 1
CNNVD
added 2026/04/02 12:00 a.m. | 6 views

Apple macOS Security Vulnerability

Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS, which can be exploited by an attacker to cause an application to terminate unexpectedly...

CVSS 3.3 | AI score 5.8 | EPSS 0.00173
Exploits 0 | References 3
CNNVD
added 2026/04/02 12:00 a.m. | 5 views

Apple macOS Security Vulnerability

Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia has a security bypass vulnerability that can be exploited by attackers to cause an application to break out of its sandbox...

CVSS 8.7 | AI score 5.8 | EPSS 0.00181
Exploits 0 | References 1
Positive Technologies
added 2026/04/02 12:00 a.m. | 4 views

PT-2026-38110

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: A use after free issue in Fullscreen on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use...

CVSS 9.6 | AI score 5.8 | EPSS 0.00344
Exploits 0 | References 138
CNNVD
added 2026/04/02 12:00 a.m. | 7 views

MB Connect Line mbCONNECT24 OS Command Injection Vulnerability

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports functions such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a vulnerability related to operating system command injection. Th...

CVSS 8.8 | AI score 6.2 | EPSS 0.005
Exploits 0 | References 2
GitHub Security Blog
added 2026/04/01 11:20 p.m. | 7 views

PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()

Summary: The --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.open_process with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. Details: cli/features/mcp.py:61 source -...

CVSS 9.8 | AI score 6.2 | EPSS 0.00824
Exploits 1 | References 4 | Affected Software 1
Snyk
added 2026/04/01 11:17 p.m. | 7 views

Arbitrary Code Injection

Overview: praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Arbitrary Code Injection via the executecode method. An attacker can execute arbitrary operating system commands by passing a crafted str...

CVSS 10 | AI score 6.1 | EPSS 0.00707
Exploits 1 | References 2
HackRead
added 2026/04/01 9:15 p.m. | 5 views

Apple Pushes Rare iOS 18 Patch for Devices at Risk from DarkSword Exploit

Apple pushes rare iOS 18 security patch to protect devices at risk from the DarkSword exploit, urging users to update or move to iOS 26 for stronger protection...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/04/01 5:00 a.m. | 3 views

CVE-2026-21861

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is...

CVSS 9.1 | AI score 6 | EPSS 0.02282
Exploits 1 | References 1
RedhatCVE
added 2026/04/01 5:00 a.m. | 6 views

CVE-2026-30877

baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...

CVSS 9.1 | AI score 6 | EPSS 0.01516
Exploits 0 | References 1
Positive Technologies
added 2026/04/01 12:00 a.m. | 2 views

PT-2026-29822

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.69. Description: PraisonAI is susceptible to OS Command Injection, potentially leading to Remote Code Execution (RCE). The --mcp command-line argument is passed to shlex.split and then to anyio.open_process without...

CVSS 9.8 | AI score 6.3 | EPSS 0.00824
Exploits 1 | References 10
Redos
added 2026/04/01 12:00 a.m. | 3 views

ROS-20260401-73-0038

Vulnerability in webmin is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

CVSS 8.5 | AI score 6.1 | EPSS 0.00306
Exploits 0
Positive Technologies
added 2026/04/01 12:00 a.m. | 3 views

PT-2026-29825

Name of the Vulnerable Software and Affected Versions: PraisonAI (affected versions not specified). Description: PraisonAI is susceptible to a critical Python sandbox escape issue that permits code execution outside of the intended sandbox environment. The flaw resides within the execute code function...

CVSS 10 | AI score 6.5 | EPSS 0.00707
Exploits 1 | References 8
SUSE CVE
added 2026/03/31 11:27 p.m. | 3 views

SUSE CVE-2026-28857

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash...

CVSS 6.5 | AI score 5.8 | EPSS 0.00395
Exploits 0 | References 9
RedhatCVE
added 2026/03/31 10:58 p.m. | 2 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

CVSS 8.8 | AI score 5.9 | EPSS 0.00414
Exploits 0 | References 1
EUVD
added 2026/03/31 10:43 p.m. | 4 views

EUVD-2026-17265

baserCMS has OS command injection vulnerability in installer...

CVSS 9.2 | AI score 7.1 | EPSS 0.02059
Exploits 0 | References 4