15256 matches found
CVE-2026-23774
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...
CVE-2026-26944
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...
CVE-2026-40527
A flaw was found in radare2. A remote attacker can exploit this by crafting an ELF Executable and Linkable Format binary that embeds malicious commands within its DWARF Debugging With Attributed Record Formats parameter names. When radare2 analyzes such a binary, these embedded commands are...
CVE-2026-33145
A flaw was found in xrdp. An authenticated remote user can exploit this vulnerability due to the unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, xrdp executes client-supplied AlternateShell values via /bin/sh -c during session...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of Dell PowerProtect Data Domain, which stem from improp...
ROS-20260420-73-0030
Vulnerability in moodle is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
Flowsint 安全漏洞
Flowsint is an open-source intelligence visualization and investigation tool developed by reconurge. Flowsint has a security vulnerability, which stems from the orgtoasn converter allowing arbitrary OS commands to be executed through shell metacharacters and Docker containers. This could enable...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain Dell PowerProtect DD, as well as...
PT-2026-33832
Name of the Vulnerable Software and Affected Versions Rclone versions 1.45.0 through 1.73.4 Description An authorization bypass exists in the Remote Control RC interface of Rclone. The RC endpoint "options/set" is exposed without requiring authentication, allowing an unauthenticated attacker to...
PT-2026-33833
Name of the Vulnerable Software and Affected Versions Rclone versions 1.48.0 through 1.73.4 Description The RC endpoint "operations/fsinfo" is exposed without authentication and accepts attacker-controlled fs input. Since the rc.GetFs function supports inline backend definitions, an unauthenticat...
Exploit for CVE-2026-4257
⚡ WordPress - Contact Form 7 - Unauthenticated SSTI To Remote...
CVE-2026-33145
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...
DEBIAN-CVE-2026-33145
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...
CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...
CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...
CVE-2026-33145
xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...
MAL-2026-2841 Malicious code in lixxyly (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e3c0a4fef6764ec743cc96d88d10dbc9a33197300a3b916746ab5f5391ad6e96 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...
ROS-20260417-73-0038
Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...
ROS-20260417-73-0037
Vulnerability in zabbix7-lts is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
Cisco Smart Software Manager On-Prem Arbitrary Command Execution (cisco-sa-ssm-cli-execution-cHUcWuNr)
According to its self-reported version, Cisco Smart Software Manager On-Prem Arbitrary Command Execution is affected by a vulnerability. - A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the...