2853 matches found
CVE-2026-0784
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0786
ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-0765 Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability
Open WebUI PIP installfrontmatterrequirements Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists...
CVE-2026-0758 mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability
mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2026-0757 MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability
MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...
CVE-2026-0756
The CVE-2026-0756 issue affects github-kanban-mcp-server and stems from improper validation of the create_issue input before it is used in a system call, allowing an attacker to execute arbitrary code with the service account privileges, with no authentication required. References indicate this i...
CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-15061
CVE-2025-15061 affects Framelink Figma MCP Server. The flaw is in the fetchWithRetry method, where a user-supplied string is not properly validated before being used in a system call, enabling remote command execution with the service account’s privileges. Attack requires network access and no au...
CVE-2026-0795 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0795
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0786
CVE-2026-0786 affects ALGO 8180 IP Audio Alerter devices via the SCI module. The issue is a lack of input validation on a user-supplied string used in a system call, enabling remote code execution in the device context after authentication. Multiple sources confirm the vulnerability, including ZD...
CVE-2025-55423
A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000955)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000955 advisory. The startthread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001043)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001043 advisory. The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer dereference and system...
MiracleLinux 7 : kernel-3.10.0-693.21.1.el7 (AXSA:2018-2625:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2625:03 advisory. Kernel: KVM: MMU potential stack buffer overrun during page walks CVE-2017-12188, Important Kernel: KVM: debug exception via syscall emulation...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000954)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000954 advisory. The rdsiwladdrcheck function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service NULL pointer dereference and system cra...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001218)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001218 advisory. The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001597)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001597 advisory. The initnewcontext function in arch/x86/include/asm/mmucontext.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000942)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000942 advisory. Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service BUG or possibly have unspecified other...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000641)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000641 advisory. Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vecto...