CVE-2026-8431

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

CVE-2026-44867 Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of AOS-8 and AOS-10

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44860

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-8431

MongoDB Ops Manager versions affected: 7.0 and 8.0.22 and earlier. The vulnerability arises from the Webhook feature: an administrative user who can configure webhooks can trigger arbitrary commands by including specific FreeMarker template syntax in webhook payloads. This is a remote-network, hi...

CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

LobeHub 跨站脚本漏洞

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

RHEL 9 : openssh (RHSA-2026:16059)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16059 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

pgAdmin 4: OS command injection vulnerability in Import/Export query export

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

EUVD-2026-29084

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

CVE-2026-7816

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

Summary A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory...

SUSE CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

CVE-2026-7816

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

CVE-2026-7816 pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

CVE-2026-4802

CVE-2026-4802 describes a remote command-execution flaw in Cockpit, caused by unsanitized user-controlled parameters in crafted links within the system logs UI. An attacker can inject shell metacharacters and command substitutions to run arbitrary commands on the host, potentially leading to full...

PT-2026-39663

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39 Description BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. The issue occurs because the template src/bentoml/...

PT-2026-39746

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...