CVE-2026-41315 mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modifycrond and /starttask interfaces, it is possible to modify the default built-in scheduled tasks and start...

CVE-2026-41315 mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modifycrond and /starttask interfaces, it is possible to modify the default built-in scheduled tasks and start...

CVE-2026-41315

CVE-2026-41315 : mdserver-web (Linux panel) versions 0.18.0–0.18.4 contain a front-end unauthenticated remote command execution vulnerability. The lack of authentication on the /modify_crond and /start_task interfaces allows an attacker to modify default built-in scheduled tasks and start them, r...

Malicious code in pyexecutorsme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 326ad16be9056f6cbd75fa4f9a47dec8c3613b56aa53d3e5d439efeef7c6fcad Package attempts to download and execute a script acting as remote access trojan. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Archon 安全漏洞

Archon is a content management system CMS specifically designed for archival information management. Version 0.1.0 of Archon contains a security vulnerability. This vulnerability stems from a specially crafted HTML page, which may allow victims to execute commands when accessing the system, run...

Apache HertzBeat 1.8.0 Remote Command Execution

Apache HertzBeat version 1.8.0 suffers from a remote command execution vulnerability via the scriptCommand parameter in a monitoring template definition...

PT-2026-41016

Name of the Vulnerable Software and Affected Versions mdserver-web versions 0.18.0 through 0.18.4 Description mdserver-web contains a front-end unauthorized remote command execution RCE issue. The lack of authentication on the ' /modify crond' and '/start task' endpoints allows an attacker to...

PT-2026-41031

Name of the Vulnerable Software and Affected Versions Crabbox versions prior to 0.12.0 Description An environment variable exposure issue allows attackers with access to a malicious or compromised repository to forward local secrets, such as API tokens, cloud credentials, and broker tokens, into...

GestioIP 3.5.7 Remote Command Execution

This Metasploit module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit...

Apache HertzBeat 1.8.0 - Remote Code Execution

Exploit Title: Apache HertzBeat 1.8.0 - Remote Code Execution Google Dork: N/A Date: 2026-03-09 Exploit Author: Brett Gervasoni Vendor Homepage: https://hertzbeat.apache.org/ Software Link: https://github.com/apache/hertzbeat/releases Version: 1.8.0 Tested on: Linux Docker; official HertzBeat...

CVE-2026-6281

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...

SUSE CVE-2017-11366

components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...

CVE-2026-6281

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...

EUVD-2026-29849

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

PT-2026-40698

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device...

CVE-2026-44870

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVE-2026-44870

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVE-2026-44865 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

CVE-2026-44865

CVE-2026-44865 describes authenticated command-injection vulnerabilities in the web-based management interface of HPE AOS-8 and AOS-10 operating systems. The NVD entries state that an authenticated remote attacker could execute arbitrary commands on the underlying OS, with CVSSv3.1 metrics indica...

MAL-2026-3615 Malicious code in ai-spellcheckers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 205425d7a8407b8bed958a99660e2ec74e21f9b0e1427659529636347333c5c9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...