44882 matches found
CVE-2026-38615
CVE-2026-38615 affects DedeCMS v5.7.118 with a command execution vulnerability in file_manage_control.php. Public sources confirm the issue but do not provide detailed exploitation steps or concrete remediation in the supplied documents. The CVSSv3.1 metrics indicate a high-severity, network-expl...
VulnCheck KEV: CVE-2026-39808
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via...
DesDev DedeCMS Security Vulnerability
DesDev DedeCMS is an open-source content management system (CMS) developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.118 of DesDev DedeCMS contains a securit...
NETGEAR JR6150 Input Validation Error Vulnerability
NETGEAR JR6150 is a wireless router produced by NETGEAR, a company in the United States. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow users connected to the local WiFi network to execute operating...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-2257)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a...
Multiple NETGEAR Products Input Validation Error Vulnerability
NETGEAR RAX120 and other wireless routers are products of NETGEAR Corporation. Several NETGEAR products have a vulnerability related to input validation errors. This vulnerability stems from insufficient authentication and input validation, which may allow users with local network access to execu...
CVE-2026-38615
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php...
PT-2026-47814
Name of the Vulnerable Software and Affected Versions: NETGEAR Orbi 370 series versions prior to V12.1.2.7. Description: A security issue exists that allows an attacker capable of intercepting and tampering with traffic between the router and the Internet to execute commands on the device. This occu...
CVE-2026-40519
Nginx Proxy Manager versions 2.9.14–2.15.1 are affected by an authenticated remote code execution via OS command injection in backend/setup.js (setupCertbotPlugins). The user-controlled dns_provider_credentials field is interpolated directly into a shell command executed with child_process.exec()...
CVE-2026-10544
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects: Devolutions...
EUVD-2026-35184
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects: Devolutions...
EUVD-2026-35176
A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...
CVE-2026-25855
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat, .ps1, .sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...
MAL-2026-5365 Malicious code in quickwinston (npm)
Source: ossf-package-analysis (304b4e430bff604f20121bc97398fa6ee18a25c16187d31b6553248bc54e63c7). The OpenSSF Package Analysis project identified 'quickwinston' @ 3.19.3 (npm) as malicious. It is considered malicious because: - The package...
CVE-2023-54352
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...
VulnCheck KEV: CVE-2026-42271
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...
PT-2026-47613
AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

| Field | Value |
| ---------------- | ----- |
| Repository | julien040/anyquery |
| Affected version | 0.4.4 commit 0abd460 |
| Vulnerability | CWE-94 — Improper Control of Generation of Code |
| Severity | High |

Summary Th...
CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection
A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....
CVE-2026-45750
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...