
25105 matches found

CVE
added 2026/02/04 5:47 p.m., 9 views

CVE-2026-25139

RIOT OS (IoT embedded OS) versions 2025.10 and prior are affected by multiple out-of-bounds read vulnerabilities in the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating that the packet is large enough to contain the struct, allowin...

9.1 CVSS, 5.4 AI score, 0.0048 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2026/02/04 5:47 p.m., 29 views

CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...

8.7 CVSS, 0.0048 EPSS
Exploits 1, References 1
EUVD
added 2026/02/04 5:47 p.m., 5 views

EUVD-2026-5374

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...

8.7 CVSS, 5.4 AI score, 0.0048 EPSS
Exploits 1, References 1
OSV
added 2026/02/04 5:47 p.m., 7 views

CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...

8.7 CVSS, 5.4 AI score, 0.0048 EPSS
Exploits 1, References 3
Debian CVE
added 2026/02/04 4:0 p.m., 3 views

CVE-2026-23048

In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan before skb_attempt_defer_free. Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe from udp_read_skb. This then triggers this warning in...

5.2 AI score, 0.00145 EPSS
Exploits 0
RedhatCVE
added 2026/02/04 1:20 p.m., 6 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

4.6 CVSS, 5.5 AI score, 0.00179 EPSS
Exploits 0, References 1
Nuclei
added 2026/02/04 7:0 a.m., 7 views

Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4 CVSS, 7.5 AI score, 0.61676 EPSS
Exploits 5, References 3
Positive Technologies
added 2026/02/04 12:0 a.m., 9 views

PT-2026-6269

Name of the Vulnerable Software and Affected Versions: RIOT versions 2025.10 and prior. Description: The RIOT operating system, designed for IoT and embedded devices, contains an issue where out-of-bounds read operations can occur. An unauthenticated user capable of sending or manipulating input...

8.7 CVSS, 5.5 AI score, 0.0048 EPSS
Exploits 1, References 5
CNNVD
added 2026/02/04 12:0 a.m., 6 views

Group Office OS Command Injection Vulnerability

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...

9.4 CVSS, 5.8 AI score, 0.18536 EPSS
Exploits 2, References 2
CNNVD
added 2026/02/04 12:0 a.m., 8 views

n8n OS Command Injection Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.10 and 2.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from vulnerabilities in the Git node, potentially allowing for the execution o...

9.9 CVSS, 6.2 AI score, 0.00568 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/02/04 12:0 a.m., 6 views

PT-2026-5873

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions V5.35 through V5.41; Zyxel USG FLEX series versions V5.35 through V5.41; Zyxel USG FLEX 50W series versions V5.35 through V5.41; Zyxel USG20W-VPN series versions V5.35 through V5.41. Description: A post-authentication...

9 CVSS, 5.5 AI score, 0.01354 EPSS
Exploits 0, References 18
CNNVD
added 2026/02/04 12:0 a.m., 8 views

Godot MCP OS Command Injection Vulnerability

Godot MCP is an MCP server developed by Solomon Elias, designed for interfacing with the Godot game engine. Versions of Godot MCP prior to 0.1.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executeOperation function, which directly...

7.8 CVSS, 6.2 AI score, 0.00853 EPSS
Exploits 1, References 4
CNNVD
added 2026/02/04 12:0 a.m., 6 views

RIOT Buffer Error Vulnerability

RIOT is an open-source operating system designed for the Internet of Things. Versions of RIOT prior to 2025.10 contain a buffer error vulnerability. This vulnerability stems from multiple out-of-bounds read vulnerabilities, which may lead to reading adjacent memory locations or causing device...

9.1 CVSS, 6 AI score, 0.0048 EPSS
Exploits 1, References 2
RedhatCVE
added 2026/02/03 9:19 p.m., 7 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

7.3 CVSS, 5.7 AI score, 0.00425 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/02/03 9:19 p.m., 5 views

CVE-2026-0631

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8.5 CVSS, 6.1 AI score, 0.01293 EPSS
Exploits 0, References 1
EUVD
added 2026/02/03 6:56 a.m., 3 views

EUVD-2026-5270

OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution...

8.6 CVSS, 5.6 AI score, 0.01664 EPSS
Exploits 0, References 2
Cvelist
added 2026/02/03 6:56 a.m., 25 views

CVE-2026-22550

OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution...

8.6 CVSS, 0.01664 EPSS
Exploits 0, References 2
CVE
added 2026/02/03 6:56 a.m., 16 views

CVE-2026-22550

CVE-2026-22550 affects WRC-X1500GS-B and WRC-X1500GSA-B with an OS command injection. A crafted request from an authenticated/logged-in user may trigger arbitrary OS command execution, as described across multiple sources (NVD/Red Hat/AttackersKB). The Red Hat entry reiterates the issue and the P...

8.8 CVSS, 7.2 AI score, 0.01664 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2026/02/03 6:15 a.m., 5 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

4.6 CVSS, 0.00179 EPSS
Exploits 0, References 1
CVE
added 2026/02/03 5:40 a.m., 12 views

CVE-2025-58381

CVE-2025-58381 affects Brocade Fabric OS prior to 9.2.1c2. An authenticated admin can use shell commands (source, ping6, sleep, disown, wait) to modify path variables and traverse directories (directory traversal). Public docs consistently name Brocade Fabric OS and versions up to 9.2.1c2 as af...

4.6 CVSS, 5.5 AI score, 0.00179 EPSS
Exploits 0, References 1, Affected Software 1