30707 matches found
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
CVE-2026-23759
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32169
Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-32003
OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...
CVE-2026-32032
OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with local environment access can inject a malicious SHELL variable to execute arbitrary commands wit...
CVE-2026-27067
Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through = 1.3.1...
CVE-2026-27566
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...
CVE-2026-33648
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer endpoint constructs a log file path by embedding user-controlled usersid and liveTransmitionHistoryid values from the JSON request body without any sanitization. This log file path is then...
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
CVE-2026-33475
Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...
CVE-2026-20163
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability edit_cmd could execute arbitrary shell commands using the...
CVE-2026-31975
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...
CVE-2026-26830
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via child_process.e...
CVE-2019-25483
Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed...
CVE-2019-25650
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...
CVE-2019-25650 River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...
CVE-2019-25650
Affected software: River Past CamDo 3.7.6. Vulnerability: SEH buffer overflow in Lame_enc.dll name field enables local code execution. The exploit payload uses a ~280-byte buffer, an NSEH jump, and an SEH handler address to trigger code execution via a pop-pop-ret gadget, potentially establishing...