284 matches found
CVE-2026-49134
CodexBar prior to 0.32.0 is affected by a local privilege-escalation vulnerability in the CLI installer due to a race condition in temporary file handling. The installer uses mktemp to create a privileged temporary file, writes a shell payload into it, and then executes it with administrator privileges via bas...
CVE-2026-46368
luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...
CVE-2026-36828
CVE-2026-36828 describes a command injection vulnerability in Panabit PAP-XM320 up to v7.7. The vulnerable CGI is /cgi-bin/tools/ajax_cmd; when authenticated users supply action=runcmd, they can execute arbitrary shell commands with root privileges. Impact aligns with high-severity, full control over the host ...
CVE-2026-44194
The CVE-2026-44194 entry describes an authenticated RCE in OPNsense prior to version 26.1.8. The vulnerability arises in the local user synchronization flow (core/src/opnsense/scripts/auth/sync_user.php), where input validation can be bypassed by crafting a payload that looks like a valid email a...
CVE-2026-0261
CVE-2026-0261 describes multiple command injection vulnerabilities in PAN-OS that allow an authenticated administrator to bypass system restrictions and execute arbitrary commands as root. Exploitation requires access to the PAN-OS CLI or Web UI. Affected products include PAN-OS running on PA-Ser...
CVE-2024-30167
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allows remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...
CVE-2026-31196
The vulnerability CVE-2026-31196 affects ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway. The traceroute diagnostic handler (/bin/httpd_clientside) unsafely inserts user-supplied destAddr input into a system() call, enabling authenticated remote attackers to execute arbitrar...
EUVD-2025-209614
3onedata Modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing a payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...
CVE-2026-41446
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
Command Injection
Overview: Affected versions of the flowsint package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...
CVE-2026-32311
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...
CVE-2026-26951
CVE-2026-26951 affects Dell PowerProtect Data Domain. The advisory describes a stack-based buffer overflow in the product, affecting versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The vulnerability could be exploited by a high-privilege attacker with local access to achieve a...
CVE-2026-26951
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this...
CVE-2026-24505
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
CVE-2026-5967
ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges...
Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability
Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain, as well as in LTS2025 versions 8.3.1.0 to 8.3.1.20 a...
Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability
Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain, as well as in LTS2025 versions 8.3.1.0 to 8.3.1.20 a...
PT-2026-33793
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this...
CVE-2026-35074
CVE-2026-35074 affects Dell PowerProtect Data Domain products: 7.7.1.0–8.7.0.0, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The issue is an improper neutralization of special elements used in an OS command (OS command injection) vulnerability, enabling a high-privilege local attacker to execute ...
CVE-2026-33791
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...