19522 matches found
PT-2026-33092
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine ISE affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on th...
Cisco ISE和Cisco ISE-PIC 安全漏洞
Cisco ISE and Cisco ISE-PIC are both products of the American company Cisco. Cisco ISE is a NAC solution designed to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE-PIC is a component of Cisco ISE. Both Cisco ISE and Cisco ISE-PIC have...
VulnCheck KEV: CVE-2025-12548
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...
CVE-2026-30615
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...
CVE-2026-30616
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...
PT-2026-33069
Name of the Vulnerable Software and Affected Versions Windsurf version 1.9544.26 Description A prompt injection issue occurs when the application processes attacker-controlled HTML content. This allows remote attackers to execute arbitrary commands on a victim system without user interaction. The...
Jaaz 安全漏洞
Jaaz is an AI-driven multi-modal creative design platform developed by 11cafe. Version 1.0.30 of Jaaz contains a security vulnerability, which stems from improper handling of MCP STDIO command execution. This vulnerability could allow remote attackers to execute arbitrary commands...
LangChain-Chatchat 安全漏洞
LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Version 0.3.1 of LangChain-Chatchat contains a security vulnerability. This vulnerability stems from improper configuration and execution of the MCP STDIO server, which may allow...
Windsurf 安全漏洞
Windsurf is an AI programming software developed by the Windsurf company. Version 1.9544.26 of Windsurf contains a security vulnerability. This vulnerability stems from prompt injection, and it could allow remote attackers to execute arbitrary commands on the victim’s system...
CVE-2026-30615
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...
CVE-2026-30615
CVE-2026-30615 affects Windsurf 1.9544.26. The connected sources describe a prompt-injection vulnerability that occurs when Windsurf processes attacker-controlled HTML content, enabling remote command execution and manipulation of the local MCP configuration, including automatic registration of a...
CVE-2026-30615
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
CVE-2026-31281
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...
CVE-2026-31170
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-6155
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...
CVE-2026-5978
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. Th...
CVE-2026-6131
A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...
CVE-2026-5976
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...
CVE-2026-5850
A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...