Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...

ROS-20260417-73-0038

Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

Dell PowerProtect Data Domain is a data protection and de-duplication storage appliance. A parameter injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutralize parameter separators in commands and can be exploited by an attacker ...

JetBrains Junie 安全漏洞

JetBrains Junie is a coding proxy provided by the Czech company JetBrains. Versions of JetBrains Junie prior to 252.549.29 contained security vulnerabilities, which were due to the possibility of executing commands through malicious project files...

ROS-20260417-73-0037

Vulnerability in zabbix7-lts is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

Cisco Smart Software Manager On-Prem Arbitrary Command Execution (cisco-sa-ssm-cli-execution-cHUcWuNr)

According to its self-reported version, Cisco Smart Software Manager On-Prem Arbitrary Command Execution is affected by a vulnerability. - A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the...

Partial String Comparison

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuratio...

Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

GHSA-CVRR-QHGW-2MM6 Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

GHSA-WXW2-RWMH-VR8F electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

Security update for vim

This update for vim fixes the following issues: Update to version 9.2.0280. CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead to...

EUVD-2026-23174

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-22615

The CVE-2026-22615 entry for Eaton IPP XML handling is a concrete issue: improper input validation could allow an admin with local access to inject code, enabling arbitrary command execution. The impact is tied to Eaton Intelligent Power Protector (IPP) XML processing, with the root cause describ...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

CVE-2026-6349

CVE-2026-6349 affects HGiga’s iSherlock. The connected records report an OS Command Injection vulnerability that enables unauthenticated attackers to inject and execute arbitrary OS commands on the server. The CVSS metadata indicates a critical impact (base score 10.0) with network access, low at...

SUSE SLES12 Security Update : vim (SUSE-SU-2026:1347-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1347-1 advisory. Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS comman...