SUSE CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

PT-2026-21959

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.7 Description OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...

Cisco UCS Manager Software 安全漏洞

Cisco UCS Manager Software is a device management software developed by the American company Cisco. There is a security vulnerability in Cisco UCS Manager Software. This vulnerability stems from the unnecessary permissions assigned at the NX-OS CLI permission level, which may allow attackers with...

Cisco UCS Manager Software 操作系统命令注入漏洞

Cisco UCS Manager Software is a device management software developed by the American company Cisco. Cisco UCS Manager Software has a vulnerability related to operating system command injection. This vulnerability stems from insufficient validation of command parameters provided by users, which ma...

PT-2026-21927

Name of the Vulnerable Software and Affected Versions MR9600 versions 1.0.4.205530 MX4200 version 1.0.13.210200 Description A flaw exists due to missing neutralization of special elements, allowing for OS command injection via the TLS-SRP connection handshake. Successful exploitation results in...

PT-2026-21957

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient file system access restrictions could allow an unauthenticated remote attacker to view sensitive information on the underlying operating system. Exploitatio...

Linksys MR9600和Linksys MX4200 安全漏洞

The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities...

Advantech WISE-6610 OS Command Injection Vulnerability

Advantech WISE-6610 is a core gateway device from Advantech, Taiwan, China. The Advantech WISE-6610 suffers from an operating system command injection vulnerability that originates from a misuse of the parameter deletefile in the file /cgi-bin/luci/admin/openvpnapply, which can be exploited by an...

Juniper Networks Junos OS Evolved 安全漏洞

Juniper Networks Junos OS Evolved is an upgraded version of Junos OS from Juniper Networks. There were security vulnerabilities in earlier versions of Junos OS Evolved on the PTX Series 25.4R1-S1-EVO and 25.4R2-EVO. These vulnerabilities stemmed from improper allocation of key resource permission...

CVE-2025-33181

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges...

CVE-2025-33179

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges...

CVE-2026-3102

CVE-2026-3102 affects exiftool up to 13.49 on macOS, specifically the SetMacOSTags function in lib/Image/ExifTool/MacOS.pm within the PNG File Parser. The vulnerability arises from manipulating the DateTimeOriginal argument, enabling an OS command injection . The issue is described as exploitable...

CVE-2026-3102 exiftool PNG File MacOS.pm SetMacOSTags os command injection

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...

CVE-2026-1459

CVE-2026-1459 describes a post-authentication command-injection vulnerability in Zyxel VMG3625-T50B devices, affecting firmware up to 5.50(ABPM.9.7)C0. The issue is in the TR-369 certificate download CGI program; an authenticated administrator can execute OS commands on the device. Metrics indica...

CVE-2025-13943

CVE-2025-13943 concerns Zyxel EX3301-T0 devices with firmware versions up to 5.50(ABVY.7)C0. The issue is a post-authentication command injection in the log file download function that could enable an authenticated attacker to run OS commands on the device. According to the connected documents, t...

EUVD-2025-207550

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50ABVY.7C0 could allow an authenticated attacker to execute operating system OS commands on an affected device...

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...

yt-dlp 操作系统命令注入漏洞

yt-dlp is a branch of youtube-dl based on the now-deprecated youtube-dlc. Versions of yt-dlp from 2023.06.21 to 2026.02.21 had an operating system command injection vulnerability. This vulnerability occurred when using the --netrc-cmd command-line option, which might allow command injection,...

PT-2026-21764

Name of the Vulnerable Software and Affected Versions exiftool versions prior to 13.50 Description An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...