CVE-2026-33280

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...

CVE-2026-27650

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...

CVE-2026-27650

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...

CVE-2026-27650

CVE-2026-27650: OS Command Injection in BUFFALO Wi‑Fi router products. Connected sources confirm a remote, unauthenticated OS command injection risk with potential arbitrary command execution and device takeover. Affected versions are not specified in available details; exploit is described as oc...

PYSEC-2026-157

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

PYSEC-2026-157

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

📄 Generic HTTP Command Execution

This Metasploit module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells. It is likely that HTTP evasion...

PT-2026-28648

Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description An OS Command Injection issue exists in NEC Platforms, Ltd. Aterm Series. This allows a malicious actor to execute arbitrary OS commands through the network...

NEC Platforms Aterm Series 安全漏洞

The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from OS command injection, potentially allowing for the execution of arbitrary OS commands...

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

PT-2026-28646

Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description An OS Command Injection issue exists in NEC Platforms, Ltd. Aterm Series. This allows a malicious actor to execute arbitrary OS commands through the network...

PT-2026-28397

Name of the Vulnerable Software and Affected Versions AI Code affected versions not specified Description The software’s design, which includes options for executing safe and all commands, is susceptible to prompt injection attacks. The system is intended to automatically execute commands deemed...

CVE-2026-30304

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

AI Code 安全漏洞

AI Code is a code programming assistant developed by TianGuaDuiZhang. AI Code has a security vulnerability, which stems from the design of automatic terminal command execution, making it susceptible to prompt injection attacks, potentially allowing arbitrary command execution...

CVE-2026-27602

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

GO-2026-4823 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution in github.com/pinchtab/pinchtab

PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution in github.com/pinchtab/pinchtab...

Security update for vim

This update for vim fixes the following issues: Update Vim to version 9.2.0110: CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip bsc1246602. CVE-2026-26269: Netbeans specialKeys stack buffer overflow bsc1258229. CVE-2026-28417: crafted URL parsed by netrw plugin can...

Malicious code in spr-i18n-labels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59aab6cd08bb49192276e3b198d9caf42969db9f6793c54f4e1ca2b49c78fc04 The package spr-i18n-labels was found to contain malicious code. Source: ghsa-malware 01ee0be82b4212526afd2aaa40dc1ba0939646f6c94911550d3b648f8cd1d38...