11 matches found

NVD
added 2026/04/03 11:17 p.m. | 4 views

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.open_process with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

CVSS 9.8 | EPSS 0.00054
Exploits: 1 | References: 2
CNNVD
added 2024/08/28 12:0 a.m. | 2 views

Cisco NX-OS Software Security Vulnerability

Cisco NX-OS Software is a suite of data center-grade operating system software used by switches from Cisco USA. A security vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of parameters for specific CLI commands. An attacker exploiting this vulnerability could...

CVSS 4.4 | AI score 7.1 | EPSS 0.00086
Exploits: 0 | References: 3
Vulnrichment
added 2024/07/11 4:0 p.m. | 15 views

CVE-2024-39523 Junos OS Evolved: CLI parameter processing issue allows privilege escalation

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle...

CVSS 8.5 | AI score 7.4 | EPSS 0.00178
Exploits: 0 | References: 1
Cvelist
added 2024/07/11 3:58 p.m. | 17 views

CVE-2024-39522 Junos OS Evolved: CLI parameter processing issue allows privilege escalation

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle...

CVSS 8.5 | EPSS 0.00178
Exploits: 0 | References: 1
Cvelist
added 2024/07/11 3:57 p.m. | 16 views

CVE-2024-39521 Junos OS Evolved: CLI parameter processing issue allows privilege escalation

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle...

CVSS 8.5 | EPSS 0.00178
Exploits: 0 | References: 1
OSV
added 2022/03/18 11:15 p.m. | 0 views

CVE-2022-26265

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component phpcli parameter...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 1
CNNVD
added 2022/03/18 12:0 a.m. | 2 views

Contao Operating System Command Injection Vulnerability

Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao Managed Edition version 1.5.0 suffers from an operating system command injection vulnerability, which stems from a Remote Command Execution...

CVSS 9.8 | AI score 8.3 | EPSS 0.7154
Exploits: 4 | References: 2
NVD
added 2018/07/18 11:29 p.m. | 11 views

CVE-2018-0348

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to t...

CVSS 9 | AI score 7.2 | EPSS 0.00341
Exploits: 0 | References: 2
Cvelist
added 2018/07/18 11:0 p.m. | 16 views

CVE-2018-0348

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to t...

AI score 7.2 | EPSS 0.00341
Exploits: 0 | References: 2
Metasploit
added 2018/05/13 5:58 p.m. | 51 views

D-Link DSL-2750B OS Command Injection

This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...

AI score 0.6
Exploits: 0
CVE
added 2015/06/17 10:0 a.m. | 46 views

CVE-2015-4183

Cisco UCS Central Software 1.2(1a) contains a CLI command-injection vulnerability (CVE-2015-4183) due to insufficient input validation. An authenticated, local attacker could inject arbitrary commands and execute with elevated OS privileges by supplying crafted CLI parameters. Impact includes pot...

CVSS 7.2 | AI score 7 | EPSS 0.00194
Exploits: 0 | References: 3 | Affected Software: 1