
25100 matches found

Circl
added 2026/03/26 3:0 a.m., 2 views

CVE-2026-20113

creationtimestamp | type | source
---|---|---
2026-03-26 03:00:10+00:00 | seen | ...

CVSS 5.3 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 2

Circl
added 2026/03/26 3:0 a.m., 2 views

CVE-2026-20112

creationtimestamp | type | source
---|---|---
2026-03-26 03:00:10+00:00 | seen | ...

CVSS 4.8 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1

CNVD
added 2026/03/26 12:0 a.m., 1 views

OpenClaw OS Command Injection Vulnerability (CNVD-2026-16043)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from the safeBins configuration failing to properly filter constructed command special characters, commands, etc., which can...

CVSS 7.1 | AI score 6.1 | EPSS 0.00197
Exploits: 0

CNNVD
added 2026/03/26 12:0 a.m., 7 views

thingino-firmware OS Command Injection Vulnerability

thingino-firmware is an open-source firmware developed by Paul Philippov for specific SoC IP cameras. Versions of thingino-firmware up to firmware-2026-03-16 contained a vulnerability related to operating system command injection. This vulnerability stemmed from unvalidated os commands in the WiF...

CVSS 8.7 | AI score 6.4 | EPSS 0.06239
Exploits: 0 | References: 2

Photon
added 2026/03/26 12:0 a.m., 7 views

Important Photon OS Security Update - PHSA-2026-5.0-0796

Updates of 'binutils' packages of Photon OS have been released...

CVSS 7.5 | AI score 5.8 | EPSS 0.00256
Exploits: 2

EUVD
added 2026/03/25 6:31 p.m., 8 views

EUVD-2026-15440

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 2

EUVD
added 2026/03/25 6:31 p.m., 10 views

EUVD-2026-15449

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation ...

CVSS 7.7 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 2

EUVD
added 2026/03/25 6:31 p.m., 4 views

EUVD-2026-15429

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

CVSS 6.5 | AI score 5.8 | EPSS 0.00093
Exploits: 0 | References: 2

Snyk
added 2026/03/25 5:47 p.m., 2 views

Command Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via unsanitized input in the restreamer.json.php file. An attacker can execute arbitrary operating system commands with the privileges of the web...

CVSS 8.8 | AI score 6.1 | EPSS 0.00612
Exploits: 1 | References: 2

EUVD
added 2026/03/25 5:3 p.m., 5 views

EUVD-2026-15951

Modoboa has OS Command Injection...

CVSS 7.2 | AI score 5.8 | EPSS 0.00566
Exploits: 1 | References: 3

Github Security Blog
added 2026/03/25 5:3 p.m., 15 views

Modoboa has OS Command Injection

Summary: exec_cmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server...

CVSS 7.2 | AI score 6.1 | EPSS 0.00566
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2026/03/25 4:16 p.m., 3 views

CVE-2026-20110

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit th...

CVSS 6.5 | EPSS 0.00092
Exploits: 0 | References: 1

CVE
added 2026/03/25 4:3 p.m., 99 views

CVE-2026-20012

The CVE-2026-20012 entry describes a memory-leak DoS in the IKEv2 handling of Cisco IOS, IOS XE, ASA, and FTDS (Threat Defense). Root cause: improper parsing of IKEv2 packets leading to conditions where devices reload (IOS/IOS XE) or exhaust memory to the point of instability (ASA/FTD). Affected ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 1

Cisco
added 2026/03/25 4:0 p.m., 26 views

Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

CVSS 6.1 | AI score 6.2 | EPSS 0.00162
Exploits: 0 | References: 1

NVD
added 2026/03/25 3:16 p.m., 4 views

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via child_process.e...

CVSS 9.8 | EPSS 0.02493
Exploits: 4 | References: 3

Debian CVE
added 2026/03/25 10:27 a.m., 2 views

CVE-2026-23375

In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes. file_thp_enabled incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo, which does not call get_write_access an...

CVSS 5.5 | AI score 5.3 | EPSS 0.00119
Exploits: 0

Debian CVE
added 2026/03/25 10:27 a.m., 2 views

CVE-2026-23317

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions. Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

CVSS 7.8 | AI score 5.3 | EPSS 0.00129
Exploits: 0

EUVD
added 2026/03/25 3:31 a.m., 4 views

EUVD-2026-15145

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVSS 6.2 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 6

EUVD
added 2026/03/25 3:31 a.m., 8 views

EUVD-2026-15137

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

CVSS 5.3 | AI score 5.8 | EPSS 0.00789
Exploits: 0 | References: 4

EUVD
added 2026/03/25 3:31 a.m., 4 views

EUVD-2026-15153

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user da...

CVSS 7.5 | AI score 5.8 | EPSS 0.00468
Exploits: 0 | References: 7