UBUNTU-CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVE-2026-42785 OpenKM 6.3.12 Remote Code Execution via Administrative Scripting

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

EUVD-2026-31835

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

Exploit for OS Command Injection in Olivetin

cve-2025-50946 Exploit script for CVE-2025-50946...

CVE-2026-9532 Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os command injection

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

B&R PPT30 Operating System

SUMMARY B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. 2. FREQUENTLY ASKED QUESTIONS What causes the vulnerability? - The vulnerability...

Lumiverse 参数注入漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained a parameter injection vulnerability. This vulnerability stemmed from the MCP server creating endpoint validation commands without verifying the arg...

OpenKM 代码注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

WorkClaw 操作系统命令注入漏洞

WorkClaw is a desktop AI employee team collaboration tool developed by haojing8312. Versions of WorkClaw prior to 0.6.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the isdangerous function in the Blacklist Handler...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26 and earlier contained security vulnerabilities; these vulnerabilities stemmed from out-of-bound read operations, which could potentially cause applications to...

PT-2026-43255

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26 and earlier contained security vulnerabilities, which were due to permission issues, potentially allowing applications to access sensitive user data...

B&R Industrial Automation PPT30 Operating System 安全漏洞

The B&R Industrial Automation PPT30 Operating System is an industrial control terminal operating system developed by B&R Industrial Automation in Austria. Versions of the B&R Industrial Automation PPT30 Operating System prior to 1.8.0 contained security vulnerabilities. These vulnerabilities...

PT-2026-43423

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

PT-2026-43421

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

OpenVPN Connect 安全漏洞

OpenVPN Connect is a VPN Virtual Private Network client application developed by OpenVPN Inc. Versions 3.5.1 to 3.8.1 of OpenVPN Connect have security vulnerabilities. These vulnerabilities stem from an issue with permissions in the background service on macOS, which may allow attackers to execut...

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

PT-2026-43355

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An OS command injection issue exists in the MikroTik router integration plugin. The log function in src/mikrotik plugin/fastnetmon mikrotik.php constructs shell commands by...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUpgradeUboot...

MAL-2026-4438 Malicious code in @service-suppliers/suppliers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...