EUVD-2026-36772

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

SUSE SLES15 Security Update : hplip (SUSE-SU-2026:2380-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2380-1 advisory. This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: - CVE-2025-43023: weak code signing DSA k...

ClipBucket V5 操作系统命令注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 140 – contained an operating system command injection vulnerability. This vulnerability stemmed from the remote playback feature allowing direct...

Exploit for CVE-2026-10520

CVE-2026-10520 — Ivanti Sentry Mass Scanner Detection scanner...

Exploit for CVE-2026-46394

CVE-2026-46394 - HAXcms Git.php OS Command Injection CWE-78...

CVE-2026-10727

Ivanti EPMM (Ivanti Endpoint Manager/Mobile EPMM) is affected by an OS command injection in versions before 12.9.0.1, 12.8.0.3, and 12.7.0.2. A remote authenticated attacker can execute arbitrary commands as root. The CVSS (3.1) vectors indicate network access, high impact on confidentiality, int...

CVE-2026-7416

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...

CVE-2026-45777

Open XDMoD (OpenXDMoD): A remote command-injection vulnerability allows an attacker to execute arbitrary system commands on the web server process, affecting versions 9.5.0–11.0.2. Root cause: OS command injection that can compromise confidentiality, integrity, and availability. Impact includes r...

CVE-2026-35071

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /ssh/tunnel/connect endpoint, which directly inserted the...

CVE-2025-41277

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

EUVD-2025-209999

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

CVE-2025-41266

CVE-2025-41266 affects Waterfall WF-500 TX Host (Administration WebUI), version 7.9.1.0 R2502171040. Root cause: CWE-78 OS Command Injection in the web interface, enabling remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host. Documented impact includ...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

Linux Distros Unpatched Vulnerability : CVE-2026-48695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in...