📄 ASUS Router Multi-Stage Command Injection

A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...

CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

CVE-2026-26982

CVE-2026-26982 — Ghostty: Ghostty, a cross-platform terminal emulator, is vulnerable to arbitrary command execution via control characters (notably 0x03) embedded in pasted or dragged text. The attack requires user interaction (copy/paste or drag/drop) and can be hard to detect because dangerous ...

EUVD-2026-10364

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

EUVD-2025-208404

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

EUVD-2025-208403

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

CVE-2025-14558

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

CVE-2025-14558

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...

MAL-2026-1290 Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...

Chamilo check_parse_lang.php file OS command injection vulnerability

Chamilo is a learning management system open source by Chamilo. Chamilo checkparselang.php file has an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...

Chamilo import.php file OS command injection vulnerability

Chamilo is a learning management system open source by Chamilo. Chamilo import.php file exists operating system command injection vulnerability , the vulnerability stems from /plugin/vchamilo/views/import.php POST tomaindatabase parameter fails to correctly filter constructive commands special...

Ubuntu 22.04 LTS : Zutty vulnerability (USN-8078-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8078-1 advisory. Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary...

CVE-2025-70039

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

📄 F5 BIG-IP TMUI Unauthenticated Remote Code Execution

This Metasploit module exploits a directory traversal vulnerability in the F5 BIG-IP TMUI interface that allows unauthenticated attackers to execute arbitrary system commands via tmshCmd.jsp...

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine...

Ubuntu: Security Advisory (USN-8078-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-8079-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Injection

Amendment This was deemed not a vulnerability. Overview es-toolkit is an A state-of-the-art, high-performance JavaScript utility library with a small bundle size and strong type annotations. Affected versions of this package are vulnerable to Arbitrary Code Injection. The template function in...