18437 matches found
PT-2026-39404
A security flaw has been discovered in Wavlink NU516U1 M16U1 V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl Pass is directly passed by the attacker/so we can control the EncrypType/wl Pass results in os...
PT-2026-39325
Name of the Vulnerable Software and Affected Versions Hikvision switch products affected versions not specified Description Certain Hikvision switch products, discontinued since December 2023, contain a flaw allowing authenticated remote command execution. This issue stems from insufficient input...
CVE-2026-42453
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
EUVD-2024-28103
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...
CVE-2026-41900
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...
EUVD-2026-28466
A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...
📄 Exim 4.91 Remote Command Execution
Exim versions 4.87 through 4.91 improper recipient-address validation remote command execution exploit. Spawns a netcat shell on port 31415 as root, then connects to it Vulnerablity is within Exim 4.87-4.91 import subprocess import socket import os import time from subprocess import Popen, PIPE...
CVE-2026-8112
A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-8112
CVE-2026-8112 affects 8421bit MiniClaw up to commit 223c16a1088e138838dcbd18cd65a37c35ac5a84. The vulnerability is an OS command injection in the function executeCognitivePulse() in src/kernel.ts, exploitable remotely. The exploit has been publicized; no version details are provided due to rollin...
TRYHACKME_FLATLINE_REPORT
TryHackMe – Flatline CTF | Penetration Testing Report !Platf...
CVE-2026-7812
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function gitoperation of the file src/codemcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack...
CVE-2026-7833
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub408F90 of the file /cgi/iuxset.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...
Geovision GV-ASWeb 代码注入漏洞
Geovision GV-ASWeb is a web-based software developed by Geovision Corporation. It is used for remote access and configuration of the GV-ASManager’s database. Version 6.2.0 of Geovision GV-ASWeb contains a code injection vulnerability. This vulnerability stems from a remote code execution issue in...
PT-2026-38275
Name of the Vulnerable Software and Affected Versions com.ritense.valtimo:document versions 12.0.0 through 12.31.0 com.ritense.valtimo:case versions 13.0.0 through 13.22.0 com.ritense.valtimo:contract versions 13.4.0 through 13.22.0 Description Valtimo is an open-source business process automatio...
Improper Neutralization of Special Elements Used in a Template Engine
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the FreemarkerEngine.parse function. An attacker can execute arbitrary commands on the server by injecting malicious template code that leverages unrestricted cla...
MAL-2026-3347 Malicious code in gemini-analyzer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...
Malicious code in gemini-analyzer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...
EUVD-2026-27319
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub408F90 of the file /cgi/iuxset.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...
CVE-2026-7833
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub408F90 of the file /cgi/iuxset.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...
CVE-2026-7833 EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub408F90 of the file /cgi/iuxset.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The...