
15256 matches found

Vulnrichment
added 2026/04/23 12:00 a.m., 3 views

CVE-2026-31177

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi...

6.1 AI score, 0.00612 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/04/23 12:00 a.m., 4 views

CVE-2026-31175

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...

6.1 AI score, 0.00612 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/04/23 12:00 a.m., 7 views

Flowise Input Validation Error Vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a vulnerability related to input validation errors. This vulnerability stemmed from parameter overriding bypasses and NODE_OPTIONS environment...

9.8 CVSS, 7.1 AI score, 0.0139 EPSS
Exploits: 1, References: 1
OSSF Malicious Packages
added 2026/04/22 11:13 p.m., 5 views

Malicious code in process-support (PyPI)

Source: kam193 ba15c5dd66c6282ee21f8ee819191d6fbbbf194845ad231ac7d26856d334db70 During import, the package automatically starts code acting as a RAT. It connects with a hardcoded C2 server and waits for commands, supporting e.g. executing...

6 AI score
Exploits: 0, References: 1
CVE
added 2026/04/22 6:11 p.m., 10 views

CVE-2026-26354

Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.10, and LTS2024 7.13.1.0–7.13.1.60 contains a stack-based Buffer Overflow vulnerability. An unauthenticated, remote attacker could potentially exploit this to achieve arbitrary command execution. ...

9.8 CVSS, 6 AI score, 0.00101 EPSS
Exploits: 0, References: 1, Affected Software: 2
RedhatCVE
added 2026/04/22 7:22 a.m., 2 views

CVE-2026-26943

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...

7.2 CVSS, 6.1 AI score, 0.0009 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/22 12:00 a.m., 1 views

PT-2026-34533

Dell PowerProtect Data Domain with Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker...

8.1 CVSS, 6 AI score, 0.00101 EPSS
Exploits: 0, References: 5
OSV
added 2026/04/21 3:32 p.m., 0 views

GHSA-J2G9-RPRV-HRHC Dolibarr user with permission to edit PHP content can bypass filtering to restrict dangerous PHP functions

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8 CVSS, 6.7 AI score, 0.00119 EPSS
Exploits: 0, References: 4
OSV
added 2026/04/21 7:03 a.m., 3 views

MAL-2026-2963 Malicious code in typelimagic (PyPI)

Source: kam193 7fcef0c386cca43024460aa4a1b47a99109e4ba02159a8fbe426c12f9884a83e Clone of a legitimate library. The added code scans the system for sensitive files, with a focus on cryptocurrency wallets, and exfiltrates them. Previous versio...

6 AI score
Exploits: 0, References: 1
Packet Storm
added 2026/04/21 12:00 a.m., 54 views

Trojan-Spy.Win32.Small MVID-2026-0705 Remote Command Execution

Trojan-Spy.Win32.Small malware opens a listener on TCP port 65535, allowing unauthenticated remote attackers with network access to execute arbitrary operating system commands on the infected host. Discovery / credits: Malvuln John Page aka hyp3rlinx (c) 2026 Original source:...

6.2 AI score
Exploits: 0
Positive Technologies
added 2026/04/21 12:00 a.m., 4 views

PT-2026-34015

Name of the Vulnerable Software and Affected Versions: Bamboo Data Center versions 9.6.0 through 9.6.24; Bamboo Data Center versions 10.0.0 through 10.2.17; Bamboo Data Center versions 11.0.0 through 12.1.5. Description: An OS Command Injection issue allows an authenticated attacker to achieve Remote...

9.4 CVSS, 6.2 AI score, 0.01093 EPSS
Exploits: 0, References: 9
VulnCheck KEV
added 2026/04/21 12:00 a.m., 35 views

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3 CVSS, 6.2 AI score, 0.00853 EPSS
In wild, Exploits: 0, References: 2
SUSE CVE
added 2026/04/20 11:26 p.m., 3 views

SUSE CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, which is the default when not explicitly...

6.3 CVSS, 6.2 AI score, 0.00079 EPSS
Exploits: 0, References: 3
GithubExploit
added 2026/04/20 9:59 p.m., 69 views

Exploit-for-OSVDB-75095-LotusCMS-3.0

LotusCMS 3.0 eval RCE — Defensive Research Overview This...

6.5 AI score
Exploits: 0
NVD
added 2026/04/20 8:16 p.m., 0 views

CVE-2026-32311

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

10 CVSS, 0.00247 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/04/20 7:56 p.m., 34 views

CVE-2026-32311 Command Injection and Docker container escape allows root on host machine

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

10 CVSS, 0.00247 EPSS
Exploits: 1, References: 2
EUVD
added 2026/04/20 6:31 p.m., 3 views

EUVD-2026-23899

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

8.8 CVSS, 6.1 AI score, 0.00196 EPSS
Exploits: 0, References: 2
NVD
added 2026/04/20 5:16 p.m., 0 views

CVE-2026-24504

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this...

7.2 CVSS, 0.00128 EPSS
Exploits: 0, References: 1
NVD
added 2026/04/20 5:16 p.m., 3 views

CVE-2026-24505

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

7.2 CVSS, 0.00128 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/20 4:08 p.m., 5 views

CVE-2026-24504

CVE-2026-24504 affects Dell PowerProtect Data Domain versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60, due to improper input validation. A high-privilege attacker with remote access could potentially exploit this to achieve arbitrary command execution with root privi...

7.2 CVSS, 6.1 AI score, 0.00128 EPSS
Exploits: 0, References: 1, Affected Software: 2