16944 matches found
CVE-2026-0761 Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...
CVE-2026-0761
The CVE-2026-0761 issue affects Foundation Agents MetaGPT, where the function actionoutput_str_to_mapping accepts user-supplied strings without proper validation, allowing remote code execution in the service account context. Reports from Red Hat and NVD summarize the flaw as a Python code execut...
CVE-2026-0795 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0788
ALGO 8180 IP Audio Alerter Web UI Vulnerability (CVE-2026-0788) affects the Web UI used to view syslog. The flaw arises from improper validation of user-supplied data in the syslog viewing functionality, enabling a persistent Cross-Site Scripting (XSS) attack. A remote attacker can exploit this w...
CVE-2026-0783 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0782 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2025-15059
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
GIMP security vulnerabilities
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from the lack of verification of the data length provided by users during the parsing of PSP files. This vulnerability may lead to heap buffer overflows and remote code execution...
Google Gemini MCP Tool operating system command injection vulnerability
Google Gemini MCP Tool is a tool component developed by Google Inc., based on the Model Context Protocol (MCP) for large models. Google Gemini MCP Tool has an operating system command injection vulnerability. This vulnerability stems from the execAsync method, which executes system calls without verifying...
CVE-2026-1327
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...
PT-2026-3945
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution...
CVE-2025-69762
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution...
CVE-2021-47851
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...
EUVD-2026-3660
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
CVE-2021-47817
OpenEMR 5.0.2.1 has a cross-site scripting vulnerability that allows authenticated attackers to inject JavaScript via user profile parameters. The underlying issue enables an attacker to craft a payload to download and run a web shell, leading to remote command execution on the vulnerable OpenEMR...
Security information for Hitachi Disk Array Systems
Overview: CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability; CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability; CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability; CVE-2025-59517 | Windows Storage VSP Driver Elevation of...
PT-2026-3799
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
OpenPLC code injection vulnerability
OpenPLC is an open-source programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. OpenPLC v3 has a code injection vulnerability, which stems from authenticated remote code execution through the hardware...