WWBN AVideo 操作系统命令注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the fact that the restreamer endpoint directly concatenated user inp...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities were caused by multiple vulnerabilities in the CloneSite plugin, which could allow unauthenticated attackers to...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an OS Command (CVE-2024-14026)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

Important Photon OS Security Update - PHSA-2026-4.0-0984

Updates of 'glibc', 'libtiff', 'coredns' packages of Photon OS have been released...

CVE-2026-33319

Summary: CVE-2026-33319 affects WWBN AVideo prior to 26.0 via the SocialMediaPublisher/SocialUploader.php. The vulnerability is an OS command injection because the code builds a shell command by concatenating an untrusted upload URL from LinkedIn’s API with a file path and passes it to exec(), wi...

EUVD-2026-13941

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the...

Duplicate Advisory: OpenClaw has an improper sandbox configuration vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-43x4-g22p-3hrq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to...

CVE-2026-32046

CVE-2026-32046 involves OpenClaw prior to 2026.2.21 with an improper sandbox configuration that lets an attacker run arbitrary code by exploiting renderer-side vulnerabilities without sandbox escape. The exploit leverages disabled OS-level sandbox protections inside the Chromium browser container...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability is caused by failing to filter the shell startup environment variables HOME and ZDOTDIR in the system.run function. An attacker ca...

GHSA-PMJ8-R2J7-XG6C AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()

Summary The sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails to strip $ bash command substitution syntax. Since the sanitized command is...

SUSE CVE-2026-20608

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

D-Link DIR-513 操作系统命令注入漏洞

The D-Link DIR-513 is a wireless router product from the D-Link company. The D-Link DIR-513 1.10 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of parameters in the file/goform/formSysCmd, specifically the sysCmd...

CVE-2026-32016

OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...

EUVD-2026-13206

Improper neutralization of special elements used in an os command 'os command injection' in Microsoft Bing Images allows an unauthorized attacker to execute code over a network...

Exploit for OS Command Injection in Apache Tomcat

ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...

AVideo has an OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

Summary The uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacker can influence the LinkedIn API response via MITM, compromis...

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.1.21 to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the Windows shell backtracking mechanism implement...