44851 matches found

Vulnrichment
added 2026/01/12 6:1 p.m., 4 views

CVE-2026-22252 LibreChat MCP Stdio Remote Command Execution

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...

CVSS 9.1 | AI score 6.9 | EPSS 0.03678
Exploits: 4 | References: 2

OSV
added 2026/01/12 6:1 p.m., 4 views

CVE-2026-22252 LibreChat MCP Stdio Remote Command Execution

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...

CVSS 9.1 | AI score 7.2 | EPSS 0.03678
Exploits: 4 | References: 4

Veracode
added 2026/01/12 8:53 a.m., 4 views

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

CVSS 8.8 | AI score 7.7 | EPSS 0.00728
Exploits: 3 | References: 3 | Affected Software: 3

Vulnrichment
added 2026/01/12 6:44 a.m., 4 views

CVE-2026-0855 Merit LILIN|IP Camera - OS Command Injection

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVSS 8.8 | AI score 7.3 | EPSS 0.01081
Exploits: 0 | References: 2

CNVD
added 2026/01/12 12:0 a.m., 5 views

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the parameter WizardConfigured in the file /goform/wizardset, which can be exploited by an attacker to execute arbitrary...

CVSS 9 | AI score 7.4 | EPSS 0.09753
Exploits: 1 | References: 1

CNVD
added 2026/01/12 12:0 a.m., 1 view

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...

CVSS 8.8 | AI score 6.8 | EPSS 0.1177
Exploits: 1 | References: 1

Tenable Nessus
added 2026/01/12 12:0 a.m., 2 views

n8n Node.js Package 1.x < 2.0.0 Arbitrary Command Execution (N8scape)

The version of the n8n Node.js Package installed on the remote host is 1.x prior to 2.0.0. It is, therefore, affected by an arbitrary command execution vulnerability: - n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in...

CVSS 9.9 | AI score 7 | EPSS 0.09186
Exploits: 4 | References: 2

OSV
added 2026/01/11 1:21 p.m., 4 views

MAL-2026-198 Malicious code in shopee-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ba8299c56484696126f8c09607e181246e87dd9c5f6a18cee51aec5d1f5ddd8 The package shopee-chat was found to contain malicious code. Source: ghsa-malware 052cf5d16ba6c226e8563598b02f71cc8f9bddb733c4074426526c4e860c66b8 An...

AI score 5.8
Exploits: 0 | References: 1

GithubExploit
added 2026/01/11 7:59 a.m., 159 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Vulnerability Detection and Exploitation Tool...

CVSS 10 | AI score 7.4 | EPSS 0.99562
Exploits: 366

OSSF Malicious Packages
added 2026/01/10 10:1 a.m., 6 views

Malicious code in mui7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 229ec4207198813ec81b334b0a5ac72c964258b80165cda21a1c25564819ad83 The package mui7 was found to contain malicious code. Source: ghsa-malware 81251ad548d890c9ade683aab8ffd6fb9d307a5e8bf6359d3b31f91080d26e8e Any...

AI score 7
Exploits: 0 | References: 1

OSV
added 2026/01/10 10:0 a.m., 5 views

MAL-2026-199 Malicious code in vet-bones (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3ce97e3af4cf9c82b0a51f4b693273ac59c6b1357b445b5613fbdcf7edec9a9 The package vet-bones was found to contain malicious code. Source: ghsa-malware 963e426141db06e18a04d497aed8ab05c8c6acfc76e6570d7c4a0bd2d81d7658 Any...

AI score 7
Exploits: 0 | References: 1

OSV
added 2026/01/10 10:0 a.m., 4 views

MAL-2026-200 Malicious code in wac-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...

AI score 7
Exploits: 0 | References: 1

OSV
added 2026/01/10 8:14 a.m., 3 views

MAL-2026-188 Malicious code in shopping-cart-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a35497d79077eb5f8f79659d420f79568f9fcf905b9ab2f2cceb043eb6eba574 The package shopping-cart-service was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/10 12:0 a.m., 8 views

PT-2026-2221

Name of the Vulnerable Software and Affected Versions OpenProject versions 16.6.1 and below Description OpenProject is a web-based project management software. A registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. The issue...

CVSS 8.6 | AI score 7.5 | EPSS 0.00325
Exploits: 0 | References: 11

NVD
added 2026/01/09 5:15 p.m., 3 views

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS 10 | EPSS 0.00701
Exploits: 0 | References: 2

NVD
added 2026/01/09 4:16 p.m., 5 views

CVE-2025-46644

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization...

CVSS 6.7 | EPSS 0.00509
Exploits: 0 | References: 1

CVE
added 2026/01/09 4:14 p.m., 11 views

CVE-2025-46645

Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection due to improper neutralization of special elements. A high-privilege attacker with remote access could execute commands, potentially impacting confidentiality, integrity, and availability as described. Affected releases ...

CVSS 7.2 | AI score 6.4 | EPSS 0.01409
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/01/09 4:14 p.m., 4 views

CVE-2025-46645

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralizatio...

CVSS 6.5 | AI score 6.4 | EPSS 0.01409
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/09 4:14 p.m., 12 views

CVE-2025-69425 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded Tokens RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who...

CVSS 10 | AI score 7.7 | EPSS 0.00701
Exploits: 0 | References: 2

CVE
added 2026/01/09 3:31 p.m., 10 views

CVE-2025-46644

Dell PowerProtect Data Domain (DD OS) affected ranges: Feature Release 7.7.1.0–8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0–7.13.1.40, LTS2023 7.10.1.0–7.10.1.70. Description: OS Command Injection vulnerability due to improper neutralization of special elements in commands. Impact: a highly privil...

CVSS 6.7 | AI score 6.1 | EPSS 0.00509
Exploits: 0 | References: 1 | Affected Software: 1