30733 matches found
📄 FreePBX Filestore Authenticated Command Injection
This Metasploit module exploits an authenticated command injection vulnerability in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH driver...
PT-2026-25164
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...
CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260
Summary: CVE-2026-32260 affects Deno’s node:child_process polyfill (shell: true mode). From 2.7.0 to 2.7.1, a two-stage argument sanitization in transformDenoShellCommand contains a priority bug: when an argument includes a $VAR pattern, it is wrapped in double quotes instead of single quotes. Th...
CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...
EUVD-2026-11581
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
Exploit for CVE-2026-31816
CVE-2026-31816 Reverse Shell Exploit Overview This tool e...
EUVD-2026-11486
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
PT-2026-25071
Summary A command injection vulnerability exists in Deno's node:child process polyfill shell: true mode that bypasses the fix for CVE-2026-27190 GHSA-hmh4-3xvx-q5hr. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno'...
PT-2026-24956
Name of the Vulnerable Software and Affected Versions Veeam Backup and Replication affected versions not specified Description A flaw exists that could allow a low-privileged user to obtain saved SSH credentials. The issue involves the potential extraction of these credentials. Recommendations At...
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2026-3964 OpenAkita Chat API Endpoint shell.py run os command injection
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2026-3964
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...
CVE-2026-3964 OpenAkita Chat API Endpoint shell.py run os command injection
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...