19582 matches found
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
📄 Juniper JunosEvolved Remote Command Execution
This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...
Unity Linux 20.1060e / 20.1070e Security Update: atril (UTSA-2026-005397)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005397 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in...
CVE-2025-52365
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...
GHSA-XC68-RRQC-QGQ3 MCP NMAP Server has an Injection vulnerability
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
CVE-2026-1775
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
CVE-2026-3485 D-Link DIR-868L SSDP Service sub_1BF84 os command injection
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
EUVD-2026-9317
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...
stabilizer 安全漏洞
Stabilizer is a performance evaluation tool developed by Charlie Curtsinger. Stabilizer has a security vulnerability, which stems from the direct transmission of uncleaned user input to os.system, potentially allowing remote attackers to execute arbitrary system commands...
CVE-2025-52365
The CVE-2025-52365 entry concerns a command injection in the szc script of the ccurtsinger/stabilizer repo. The issue stems from improper input handling where command-line arguments are directly concatenated into shell commands via os.system(), enabling remote command execution. Public references...
WordPress Backup Migration 1.3.7 - Remote Command Execution
Exploit Title: WordPress Backup Migration 1.3.7 - Remote Command Execution Date: 2025-10-26 Exploit Author: DANG Vendor Homepage: https://backupbliss.com/ Software Link: https://wordpress.org/plugins/backup-backup/ Version: Backup Migration ≤1.3.7 Tested on: LINUX CVE : CVE-2023-6553 This module...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the host=node executions. An attacker can execute commands from an unintended filesystem location by rebinding a writable parent symlink...
MajorDoMo Remote Command Injection via cycle_execs Race Condition
This module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs database...
MAL-2026-1136 Malicious code in amigapythonupdater (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 46cf32631436ddacf36a4984b254c10554b4e94c6099c5012a96ec3a7c5426a1 During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...
Malicious code in wisecloudsecrets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e4ed4357b3e8038ef404e043cc63aafe6484b20d94267c4f024a27d840a4a2fc During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...