
44847 matches found

Positive Technologies
added 2026/01/21 12:0 a.m. | 3 views

PT-2026-3798

Name of the Vulnerable Software and Affected Versions OpenEMR version 5.0.2.1 Description OpenEMR contains a cross-site scripting issue that permits authenticated attackers to inject malicious JavaScript through user profile parameters. Exploitation involves crafting a malicious payload to downlo...

5.4 CVSS | 5.4 AI score | 0.00667 EPSS
Exploits: 1 | References: 9

Packet Storm
added 2026/01/21 12:0 a.m. | 151 views

📄 Cisco ISE 3.4 Code Execution / Privilege Escalation / Shell Upload

An unauthenticated file upload vulnerability was identified in the administrative file upload endpoint of Cisco ISE version 3.4 patch 1. The application accepts ZIP archives without authentication and extracts files into sensitive execution paths. An attacker can craft a ZIP archive containing a...

10 CVSS | 6 AI score | 0.09805 EPSS
Exploits: 3

Saint
added 2026/01/21 12:0 a.m. | 96 views

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

6.2 AI score
Exploits: 0

Snyk
added 2026/01/20 11:45 p.m. | 6 views

Improper Input Validation

Overview wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Input Validation via the wrangler pages deploy command when the --commit-hash parameter is passed directly to a shell command without proper validation or...

9.9 CVSS | 6 AI score | 0.01393 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/01/20 7:6 p.m. | 4 views

Malicious code in spellcheckerpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 79cc4c6495567fe7659e9e4bb5964727bf95cfc9f78d32209937d73457bd476b Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

5.9 AI score
Exploits: 0 | References: 3

Github Security Blog
added 2026/01/20 5:54 p.m. | 12 views

Lobe Chat affected by Cross-Site Scripting (XSS) that can escalate to Remote Code Execution (RCE)

Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...

6.4 CVSS | 5.9 AI score | 0.00123 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/01/20 5:44 p.m. | 24 views

CVE-2025-33228

CVE-2025-33228 affects NVIDIA Nsight Systems, specifically a vulnerability in the gfx_hotspot recipe that allows an OS command injection by feeding a malicious string to the process_nsys_rep_cli.py script when invoked manually. A successful exploit could lead to code execution, privilege escalati...

7.3 CVSS | 5.7 AI score | 0.01185 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2026/01/20 2:10 p.m. | 246 views

Exploit for Code Injection in Laravel Livewire

CVE-2025-54068 A tool designed to exploit CVE-2025-54068 and...

9.8 CVSS | 6.2 AI score | 0.9203 EPSS
Exploits: 5

Packet Storm
added 2026/01/20 12:0 a.m. | 160 views

📄 Siklu EtherHaul Series EH-8010 / EH-1200 Remote Command Execution

Siklu EtherHaul Series EH-8010 and EH-1200 with firmware versions between 7.4.0 and 10.7.3 suffer from a remote command execution vulnerability. Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 -...

9.8 CVSS | 8.6 AI score | 0.01219 EPSS
Exploits: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 8 : ctags-5.8-23.el8 (AXSA:2023-5722:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5722:01 advisory. ctags: arbitrary command execution via a tag file with a crafted filename CVE-2022-4515 Tenable has extracted the preceding description block directly from t...

7.8 CVSS | 6 AI score | 0.00577 EPSS
Exploits: 1 | References: 2

CNNVD
added 2026/01/20 12:0 a.m. | 4 views

NVIDIA CUDA toolkit Operating System Command Injection Vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. The NVIDIA CUDA toolkit suffers from an operating system command injection vulnerability that stems from the failure of the gfxhotspot module of...

7.3 CVSS | 6 AI score | 0.01185 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/20 12:0 a.m. | 5 views

CVE-2025-55423

A command injection vulnerability exists in the upnprelay function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system without proper validation or sanitization, allowing OS command injection...

9.8 CVSS | 5.4 AI score | 0.03333 EPSS
Exploits: 2 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 9 views

MiracleLinux 8 : kernel-4.18.0-477.27.1.el8_8 (AXSA:2023-6444:26)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6444:26 advisory. kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: UAF in nftables when nftsetlookupglobal triggered after handling...

7.8 CVSS | 7.5 AI score | 0.05794 EPSS
Exploits: 7 | References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : ghostscript-9.54.0-17.el9_4 (AXSA:2024-8750:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8750:04 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution...

6.3 CVSS | 7.3 AI score | 0.27974 EPSS
Exploits: 6 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : pcp-6.2.0-2.el9 (AXSA:2024-8062:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8062:02 advisory. pcp: exposure of the redis server backend allows remote command execution via pmproxy CVE-2024-3019 Tenable has extracted the preceding description...

8.8 CVSS | 5.8 AI score | 0.01002 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : bluez-5.63-3.el8_10.ML.1 (AXSA:2024-9445:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9445:02 advisory. bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Tenable has extracted the preceding...

6.3 CVSS | 8.3 AI score | 0.07879 EPSS
Exploits: 7 | References: 2

ATTACKERKB
added 2026/01/19 9:9 p.m. | 5 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4 CVSS | 6 AI score | 0.00426 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

EUVD
added 2026/01/19 9:9 p.m. | 8 views

EUVD-2026-3281

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.6 CVSS | 6 AI score | 0.00426 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/19 12:0 a.m. | 4 views

MiracleLinux 3 : dhcp-3.0.5-23.4.0.1.AXS3 (AXSA:2011-162:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-162:01 advisory. DHCP Dynamic Host Configuration Protocol is a protocol which allows individual devices on an IP network to get their own network configuration information IP...

7.5 CVSS | 7 AI score | 0.84172 EPSS
Exploits: 6 | References: 2

CNVD
added 2026/01/19 12:0 a.m. | 1 view

TRENDnet TEW-811DRU Operating System Command Injection Vulnerability

The TRENDnet TEW-811DRU is a wireless router from TRENDnet. The TRENDnet TEW-811DRU suffers from an operating system command injection vulnerability that stems from a misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause...

8.6 CVSS | 7.1 AI score | 0.20097 EPSS
Exploits: 1