Lucene search
16941 matches found

OSV
added 2026/02/19 10:4 p.m., 3 views

GHSA-6QR9-G2XW-CW92 Dagu affected by unauthenticated RCE via inline DAG spec in default configuration

Summary: Dagu's default configuration ships with authentication disabled. The POST /api/v2/dag-runs endpoint accepts an inline YAML spec and executes its shell commands immediately with no credentials required — any dagu instance reachable over the network is fully compromised by default. Details...

CVSS 9.8, AI score 6
Exploits 0, References 2
CNNVD
added 2026/02/19 12:0 a.m., 4 views

SPIP Code Injection Vulnerability

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP 5.11.0 and earlier contained a code injection vulnerability. This vulnerability stemmed from a remote code execution flaw, which could allow arbitrary code to be executed...

CVSS 9.8, AI score 6.5, EPSS 0.05126
Exploits 5, References 3
Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-20856

Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified). Description: A flaw exists in GIMP's parsing of PGM files due to a lack of proper memory initialization before access. This can allow a remote attacker to execute arbitrary code on affected systems. User...

CVSS 7.8, AI score 7.8, EPSS 0.0055
Exploits 0, References 6
Zero Day Initiative
added 2026/02/19 12:0 a.m., 3 views

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The...

CVSS 7.8, AI score 6.2, EPSS 0.0055
Exploits 0, References 1
Tenable Nessus
added 2026/02/19 12:0 a.m., 6 views

FLIR Systems AX8 Cameras Command Injection (CVE-2022-4364)

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out...

CVSS 9.8, AI score 6.8, EPSS 0.04197
Exploits 1, References 7
Tenable Nessus
added 2026/02/19 12:0 a.m., 4 views

Amazon Linux 2023 : fontforge, fontforge-devel (ALAS2023-2026-1431)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1431 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of...

CVSS 8.8, AI score 6.5, EPSS 0.00581
Exploits 0, References 4
GitHub Security Blog
added 2026/02/18 9:45 p.m., 6 views

Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde

Impact: This is a remote code execution (RCE) vulnerability. Node.js automatically imports /.plugin.js,mjs files including those from node_modules, so any malicious package with a .plugin.js file could execute arbitrary code when installed or required. All projects using this loading behavior are...

CVSS 9.8, AI score 6.5, EPSS 0.0054
Exploits 0, References 5, Affected Software 1
OSSF Malicious Packages
added 2026/02/18 6:42 p.m., 7 views

Malicious code in telebot-infoe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

AI score 5.6
Exploits 0, References 2
GithubExploit
added 2026/02/18 8:41 a.m., 133 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Remote Code Execution (RCE)...

CVSS 10, AI score 8.8, EPSS 0.95343
Exploits 23
Fedora
added 2026/02/18 12:56 a.m., 8 views

[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 8.2, AI score 5.6, EPSS 0.00582
Exploits 0
Packet Storm
added 2026/02/18 12:0 a.m., 135 views

📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload

SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...

CVSS 10, AI score 9.3, EPSS 0.99316
Exploits 18
CVE
added 2026/02/17 7:46 p.m., 15 views

CVE-2026-22284

Dell SmartFabric OS10 Software (versions prior to 10.5.6.12) is affected by an improper neutralization of special elements used in a command (command injection) vulnerability. The issue allows a highly privileged attacker with remote access to potentially execute commands, with impact to confiden...

CVSS 7.2, AI score 5.6, EPSS 0.00944
Exploits 0, References 1, Affected Software 1
CNNVD
added 2026/02/17 12:0 a.m., 6 views

Dell SmartFabric OS10 Software Command Injection Vulnerability

Dell SmartFabric OS10 Software is an operating system based on Debian Linux developed by the American company Dell. Versions of Dell SmartFabric OS10 Software prior to 10.5.6.12 had a command injection vulnerability. This vulnerability stemmed from improper handling of special elements within...

CVSS 7.2, AI score 6, EPSS 0.00944
Exploits 0, References 1
Positive Technologies
added 2026/02/17 12:0 a.m., 2 views

PT-2026-20229

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server version 12.0. Description: The software is susceptible to HTML injection. A remote attacker could inject malicious HTML code that would be executed in the victim's web browser within the security context of the...

CVSS 5.4, AI score 5.7, EPSS 0.00162
Exploits 0, References 3
ATTACKERKB
added 2026/02/16 2:2 p.m., 4 views

CVE-2026-2560

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can ...

CVSS 6.5, AI score 5.4, EPSS 0.01398
Exploits 0, References 5, Affected Software 1
Rosalinux
added 2026/02/16 12:24 p.m., 7 views

Advisory ROSA-SA-2026-3194

Software: libtommath 1.1.0 OS: ROSA Virtualization 2.1 unaffected versions = libtommath-1.1.0-4.rv3 affected versions libtommath-1.1.0-4.rv3 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...

CVSS 9.8, AI score 8.6, EPSS 0.01254
Exploits 0
NVD
added 2026/02/16 9:16 a.m., 6 views

CVE-2026-2548

A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub40F820 of the file rc. Executing a manipulation of the argument upnpwaniface/upnpssdpinterval/upnpmaxage can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this...

CVSS 6.5, EPSS 0.01172
Exploits 0, References 4
Snyk
added 2026/02/16 8:59 a.m., 8 views

Command Injection

Overview: lu2 is a simple and flexible UI component library based on native HTML and JavaScript. Affected versions of this package are vulnerable to Command Injection due to the use of the child_process.exec function in run.js. An attacker can execute arbitrary operating system commands by supplying...

CVSS 8.6, AI score 6.1, EPSS 0.01663
Exploits 0, References 2
Cvelist
added 2026/02/16 2:2 a.m., 28 views

CVE-2026-2529 Wavlink WL-WN579A3 wireless.cgi DeleteMac command injection

A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist results in command injection. The attack can be executed remotely. The vendor was contacted ear...

CVSS 6.5, EPSS 0.05004
Exploits 1, References 4
Tenable Nessus
added 2026/02/14 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-2441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS 8.8, AI score 6.3, EPSS 0.2202
Exploits 12, References 2