CVE-2026-32673
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a...
PT-2026-40636
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.2; F5 BIG-IP versions prior to 17.5.1.6; F5 BIG-IP versions prior to 21.0.0.2. Description: An issue in scripted monitors allows an authenticated attacker with the Resource Administrator or Administrator role to...
EUVD-2026-29509
The superduper project through v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...
marimo Access Control Error Vulnerability
Marimo is an open-source interactive Python notebook that supports reactive programming and SQL queries. Versions of Marimo prior to 0.23.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the terminal WebSocket endpoint, allowing...
CVE-2026-33139
PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...
CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...
Exploit for Code Injection in Anthropic Claude_Code
CVE-PENDING: MCP Tool Confirmation Prompt Misrepresentation in...
EUVD-2026-3636
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...
CVE-2025-3232
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...
FACTION Security Vulnerability
Faction is an open source penetration test report generation and assessment collaboration framework from Faction Security. A security vulnerability exists in FACTION versions prior to 1.7.1 that stems from an extension execution path that allows untrusted extension code to execute arbitrary system...
CVE-2025-42892
CVE-2025-42892 describes an OS Command Injection in SAP Business Connector. An authenticated attacker with administrative privileges and adjacent network access can upload specially crafted content to the server; if processed, this can enable execution of arbitrary operating system commands and m...
EUVD-2019-14747
Malware in sbrugna...
EUVD-2016-1289
Malware in sbrugna...
EUVD-2024-49097
Malicious code in bioql PyPI...
EUVD-2025-23925
Malicious code in bioql PyPI...
EUVD-2025-21021
Malicious code in bioql PyPI...
EUVD-2025-9519
Malicious code in bioql PyPI...
CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...
CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...
Command Injection
@sunwood-ai-labs/github-kanban-mcp-server is vulnerable to command injection. The vulnerability is due to the use of the unsafe exec API with untrusted user input in the addcomment tool, which allows an attacker to execute arbitrary system commands through crafted input...