CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

SUSE CVE-2025-68818

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to qla2x00abortallcmds to call sp-done without...

EUVD-2025-36708

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2025-11202

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability

win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2025-11202

CVE-2025-11202 relates to win-cli-mcp-server. The issue is in the resolveCommandPath function where a user-supplied string is used to invoke a system call without proper validation, enabling a remote command execution (RCE). The exploit is unauthenticated and would execute code in the service acc...

Windows CLI MCP Server 操作系统命令注入漏洞

Windows CLI MCP Server is a context protocol server for Simon Benedict Individual Developer. An operating system command injection vulnerability exists in Windows CLI MCP Server that stems from the resolveCommandPath method not properly validating a user input string, which could lead to remote...

VulnCheck KEV: CVE-2022-37129

D-Link DIR-816 A2v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte4836B0 by snprintf, and finally doSystem&byte4836B0; will be executed, resulting in a command injection...

PT-2025-40609

Name of the Vulnerable Software and Affected Versions win-cli-mcp-server affected versions not specified Description The software contains a command injection flaw within the resolveCommandPath function. This allows for remote code execution. The issue was discovered by Peter Girnus of Trend...

Rebuild 安全漏洞

Rebuild is a highly customizable enterprise management system from getrebuild open source. A security vulnerability exists in Rebuild v3.9.0 through v3.9.3, which stems from an SQL injection in the /admin/admin-cli/exec component...

CVE-2024-2708

A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...

VulnCheck KEV: CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

Empty Cmd.Path can trigger unintended binary in os/exec on Windows

...

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-20 Vulnerability Laboratory ID VL-ID: ==================================...

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-19 Vulnerability Laboratory ID VL-ID: ==================================...

Appologics AirBeam 1.9.2 Code Execution / XSS

Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-20 Vulnerability Laboratory ID VL-ID: ==================================...

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-19 Vulnerability Laboratory ID VL-ID: ==================================...

FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities

Document Title: =============== FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1041 Release Date: ============= 2013-08-03 Vulnerability Laboratory ID VL-ID: ====================================...

Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability

Title: ====== Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability Date: ===== 2013-06-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=970 VL-ID: ===== 970 Common Vulnerability Scoring System: ==================================== 3.5 Introduction:...

AVAST Internet Security Suite - Persistent Vulnerabilities

Title: ====== AVAST Internet Security Suite - Persistent Vulnerabilities Date: ===== 2013-06-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=969 VL-ID: ===== 969 Common Vulnerability Scoring System: ==================================== 3.4 Introduction: =============...