Google Wear OS 安全漏洞

Google Wear OS is an operating system developed by Google Inc., specifically designed for smart watches, smart bracelets, and other wearable devices. There is a security vulnerability in Google Wear OS, which stems from an error in the openFile function in BugReportContentProvider.java that allow...

Chamilo 操作系统命令注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the POST parameter “newlanguage” in the file...

PT-2026-22625

Name of the Vulnerable Software and Affected Versions Textream versions prior to 1.5.1 Description The application is a macOS teleprompter. A Cross-Site WebSocket Hijacking CSWSH condition exists in the DirectorServer WebSocket server ws://127.0.0.1:. The server does not validate the HTTP Origin...

Chamilo 操作系统命令注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a vulnerability related to operating system command injection. This vulnerability stemmed from the presence of an OS command injection in the file...

Google Wear OS 安全漏洞

Google Wear OS is an operating system developed by Google Inc., specifically designed for smart watches, smart bracelets, and other wearable devices. There is a security vulnerability in Google Wear OS, which stems from a logical error that may lead to an increase in local privileges...

Chamilo 操作系统命令注入漏洞

Chamilo is a learning management system open source by Chamilo. Chamilo editinstance.php file has an operating system command injection vulnerability , the vulnerability stems from the file /plugin/vchamilo/views/editinstance.php on the POST parameter maindatabase improperly handled , an attacker...

CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

CVE-2026-20902

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...

UBUNTU-CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

CVE-2026-28517

CVE-2026-28517 : openDCIM 23.04 (through commit 4467e9c4) contains an OS command injection in report_network_map.php. The app reads the database-sourced fac_Config.dot value and passes it directly to exec() without validation, enabling an attacker who can modify that value to execute arbitrary co...

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...

EUVD-2026-9010

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection.This issue affects Frick Controls Quantum HD version 10.22 and prior...

EUVD-2026-8980

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

EUVD-2026-8976

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

EUVD-2026-8979

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

EUVD-2026-8977

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

EUVD-2026-8953

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code executio...

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

CVE-2026-25195

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route...

CVE-2026-25111

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route...