CVE-2026-45663

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

CVE-2026-42271

A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...

CVE-2026-42215

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

CVE-2026-40061

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...

CVE-2026-45750

Summary: CVE-2026-45750 affects Termix prior to 2.3.2. The flaw is in the GET /ssh/file_manager/ssh/resolvePath endpoint of the Termix File Manager, where the path parameter is embedded into a shell command executed in the active SSH session. User-controlled input is placed inside double quotes w...

CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

CVE-2026-45746 Termix Vulnerable to Arbitrary Command Execution via Session Hijacking

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744-MCPJAM-RCE-exploit This Python proof-of-concept...

EUVD-2026-34303

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

RLSA-2026:21676 Important: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. I...

RockyLinux 10 : cockpit (RLSA-2026:21676)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly...

Arbitrary Command Injection

Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted filename as the...

Arbitrary Command Injection

Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted...

SUSE CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

AlmaLinux 10 : cockpit (ALSA-2026:21676)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...