25100 matches found

Positive Technologies
added 2026/03/24 12:0 a.m., 9 views

PT-2026-27542

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.4; iPadOS versions prior to 26.4; macOS Sequoia versions prior to 15.7.5; macOS Sonoma versions prior to 14.8.5; macOS Tahoe versions prior to 26.4; visionOS versions prior to 26.4. Description: A flaw exists in path handling...

CVSS 9.3 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 10

Tenable Nessus
added 2026/03/24 12:0 a.m., 8 views

Photon OS 4.0: Vim PHSA-2026-4.0-0979

An update of the vim package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0979. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid30340...

CVSS 7.8 | AI score 6 | EPSS 0.01162
Exploits: 1 | References: 8

Tenable Nessus
added 2026/03/24 12:0 a.m., 4 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.15)

The version of AOS installed on the remote host is prior to 7.0.1.15. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.15 advisory. - urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...

CVSS 8.9 | AI score 7 | EPSS 0.63258
Exploits: 1 | References: 6

Tenable Nessus
added 2026/03/24 12:0 a.m., 6 views

Mozilla Firefox < 149.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 149.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-20 advisory. - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox...

CVSS 10 | AI score 6.6 | EPSS 0.01279
Exploits: 1 | References: 47

NVD
added 2026/03/23 10:16 p.m., 4 views

CVE-2026-4611

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

CVSS 8.8 | EPSS 0.03034
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/23 9:13 p.m., 5 views

CVE-2026-4611

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

CVSS 8.6 | AI score 5.7 | EPSS 0.03034
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2026/03/23 6:30 p.m., 6 views

EUVD-2025-208939

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVSS 8.5 | AI score 6.1 | EPSS 0.00619
Exploits: 0 | References: 6

EUVD
added 2026/03/23 6:30 p.m., 5 views

EUVD-2025-208940

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVSS 8.5 | AI score 6.1 | EPSS 0.00619
Exploits: 0 | References: 6

CVE
added 2026/03/23 6:1 p.m., 10 views

CVE-2025-15519

CVE-2025-15519 affects TP-Link Archer NX200/NX210/NX500/NX600 devices, where improper input handling in the modem-management CLI allows authenticated administrators to inject commands that are executed by the OS. This can impact confidentiality, integrity, and availability as described. No...

CVSS 8.5 | AI score 6.1 | EPSS 0.00619
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/03/23 3:15 p.m., 28 views

CVE-2026-4591 kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit...

CVSS 5.8 | EPSS 0.02097
Exploits: 0 | References: 4

OSV
added 2026/03/23 2:10 p.m., 3 views

CVE-2026-33482 AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails ...

CVSS 8.1 | AI score 6.1 | EPSS 0.02061
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/23 11:16 a.m., 0 views

CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...

CVSS 9.8 | AI score 7.3 | EPSS 0.00546
Exploits: 0 | References: 2

CVE
added 2026/03/23 11:16 a.m., 15 views

CVE-2026-32968

CVE-2026-32968 describes an unauthenticated RCE in the MB CONNECT LINE MBCONNECT24 family (mymbCONNECT24 and mbCONNECT24) up to version 2.5.0. The vulnerability arises from improper neutralisation of special elements used in an OS command, allowing a remote attacker to execute code and potentiall...

CVSS 9.8 | AI score 7.3 | EPSS 0.00546
Exploits: 0 | References: 2

Cvelist
added 2026/03/23 7:49 a.m., 28 views

CVE-2026-3587 Hidden CLI Function Allows Root Access

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device...

CVSS 10 | EPSS 0.00679
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/23 7:49 a.m., 1 views

CVE-2026-3587 Hidden CLI Function Allows Root Access

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device...

CVSS 10 | AI score 5.8 | EPSS 0.00679
Exploits: 0 | References: 1

CVE
added 2026/03/23 7:49 a.m., 24 views

CVE-2026-3587

CVE-2026-3587 describes an unauthenticated remote vulnerability where an attacker can exploit a hidden function in the CLI prompt to escape the restricted interface on a Linux-based OS, resulting in full device compromise. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) yields a base sc...

CVSS 10 | AI score 5.8 | EPSS 0.00679
Exploits: 0 | References: 1

Fedora
added 2026/03/23 12:55 a.m., 3 views

[SECURITY] Fedora 42 Update: scitokens-cpp-1.4.1-1.fc42

C++ Implementation of the SciTokens Library...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/03/23 12:0 a.m., 9 views

PT-2026-27220

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

CVSS 8.6 | AI score 6.8 | EPSS 0.03034
Exploits: 0 | References: 6

CNNVD
added 2026/03/23 12:0 a.m., 5 views

WWBN AVideo OS Command Injection Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the sanitizeFFmpegCommand function, which failed to filter bash...

CVSS 8.1 | AI score 5.8 | EPSS 0.02061
Exploits: 1 | References: 2

CNNVD
added 2026/03/23 12:0 a.m., 7 views

Kalcaddle Kodbox OS Command Injection Vulnerability

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of Kalcaddle Kodbox contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the...

CVSS 5.8 | AI score 5.8 | EPSS 0.02097
Exploits: 0 | References: 4