44924 matches found
CVE-2026-33145
A flaw was found in xrdp. An authenticated remote user can exploit this vulnerability due to the unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, xrdp executes client-supplied AlternateShell values via /bin/sh -c during session...
CVE-2026-6603
CVE-2026-6603 affects modelscope agentscope up to version 1.0.18. The vulnerability targets the function execute_python_code/execute_shell_command in src/AgentScope/tool/_coding/_python.py, enabling code injection due to the underlying manipulation. The attack is described as remotely exploitable...
Progress LoadMaster 安全漏洞
Progress LoadMaster is a high-performance application delivery controller ADC and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from the uncleaned input of custom WAF rule files during file uploads. This vulnerabili...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain Dell PowerProtect DD, as well as...
ROS-20260420-73-0030
Vulnerability in moodle is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
Progress LoadMaster 安全漏洞
Progress LoadMaster is a high-performance application delivery controller ADC and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from uncleaned input for the addcountry command. This vulnerability could allow...
PT-2026-33833
Name of the Vulnerable Software and Affected Versions Rclone versions 1.48.0 through 1.73.4 Description The RC endpoint "operations/fsinfo" is exposed without authentication and accepts attacker-controlled fs input. Since the rc.GetFs function supports inline backend definitions, an unauthenticat...
Spinnaker 安全漏洞
Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Versions of Spinnaker prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain security vulnerabilities. These vulnerabilities stem from the...
Flowsint 安全漏洞
Flowsint is an open-source intelligence visualization and investigation tool developed by reconurge. Flowsint has a security vulnerability, which stems from the orgtoasn converter allowing arbitrary OS commands to be executed through shell metacharacters and Docker containers. This could enable...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of Dell PowerProtect Data Domain, which stem from improp...
PT-2026-33799
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60 Description An OS command injection issue exists where...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Version 1.0.8 of Vvveb contains a security vulnerability. This vulnerability stems from a logical flaw in the file renaming processor. It could allow...
PT-2026-33832
Name of the Vulnerable Software and Affected Versions Rclone versions 1.45.0 through 1.73.4 Description An authorization bypass exists in the Remote Control RC interface of Rclone. The RC endpoint "options/set" is exposed without requiring authentication, allowing an unauthenticated attacker to...
PT-2026-33794
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
PT-2026-33763
Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description Two separate issues allow authenticated attackers to execute arbitrary commands on the LoadMaster appliance. The first involves OS command injection via the 'aclcontrol' command...
Dell PowerProtect Data Domain Parameter Injection Vulnerability (CNVD-2026-18540)
Dell PowerProtect Data Domain is a data protection and de-duplication storage appliance. A parameter injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize parameter separators in commands and can be exploited by an attacker ...
PT-2026-33791
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...
Exploit for CVE-2026-4257
⚡ WordPress - Contact Form 7 - Unauthenticated SSTI To Remote...
Malicious code in cktool.internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d35ec7e83cb03e16d3d408e617ad1c8a72dae84f6b8655f5439b1e5465e47fc The package cktool.internal was found to contain malicious code. Source: ghsa-malware fea6b6dafa01114874236a50b5923473307ac91ce0b6c562d3ccb2fa27e6af4...
MAL-2026-2919 Malicious code in apple-idms-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f0eeec23623c0969b1edd5df79a1b592d22f6c05b5c91442114efd08ce173be The package apple-idms-internal was found to contain malicious code. Source: ghsa-malware...