7613 matches found
Micro Research MR-GM5L-S1和Micro Research MR-GM5A-L1 代码注入漏洞
Both Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 are embedded industrial communication module devices produced by the Canadian company Micro Research. Both devices have code injection vulnerabilities; these vulnerabilities stem from code injection issues that may allow for the executi...
Lantronix EDS5000 安全漏洞
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from the HTTP RPC module directly concatenating commands into the username parameter without proper...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
PT-2026-24723
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...
Cisco IOS XR 操作系统命令注入漏洞
Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. Cisco IOS XR has a vulnerability related to operating system command injection, which stems from insufficient validation of user parameters in certain CLI commands. This vulnerability may lead to...
Exploit for Code Injection in Anthropic Claude_Code
Claude Code: MCP Tool Confirmation Prompt Misrepresentation !...
PT-2026-24752
Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | Severity | High | | CVSS 3.1 | 8.8 High — when chained with VULN-01 | | CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' | | Attack Vector | Network | |...
CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...
CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...
Chamilo import.php file OS command injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo import.php file exists operating system command injection vulnerability , the vulnerability stems from /plugin/vchamilo/views/import.php POST tomaindatabase parameter fails to correctly filter constructive commands special...
Ubuntu 22.04 LTS : Zutty vulnerability (USN-8078-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8078-1 advisory. Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary...
Ubuntu: Security Advisory (USN-8079-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Chamilo check_parse_lang.php file OS command injection vulnerability
Chamilo is a learning management system open source by Chamilo. Chamilo checkparselang.php file has an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...
CVE-2026-30861
Technical details about CVE-2026-30861 are not provided in the connected documents. The initial description mentions the vulnerability and patch, but no deeper technical specifics. Monitor for updates and rely on official advisories for remediation.
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of uploaded files, which could allow low-privilege users who are authenticated to upload specially...
USN-8079-1: less vulnerability
It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...
USN-8079-1 less vulnerability
It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...
CVE-2026-29610
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...
CVE-2026-29610
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...
CVE-2026-28470
OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...