
44675 matches found

NVD
added 2026/03/20 8:16 p.m. | 0 views

CVE-2026-33139

PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...

8.3 CVSS | 0.00039 EPSS
Exploits 1 | References 1
EUVD
added 2026/03/20 6:31 p.m. | 2 views

EUVD-2026-13716

A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later...

9.3 CVSS | 6.1 AI score | 0.00405 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/20 4:31 p.m. | 2 views

CVE-2025-15607 Authenticated Command Injection in mcsd Service of TP-Link Archer AX53

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

7.3 CVSS | 6.2 AI score | 0.00326 EPSS
Exploits 0 | References 2
CVE
added 2026/03/20 4:21 p.m. | 11 views

CVE-2026-22897

QuNetSwitch is affected by a remote command injection vulnerability (CVE-2026-22897). The issue allows an attacker to execute arbitrary commands with network access, requiring no user interaction and no privileges. The root cause is a command injection reachable over the network, leading to high ...

9.8 CVSS | 6.1 AI score | 0.00405 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/03/20 3:31 p.m. | 3 views

EUVD-2024-55479

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

6 AI score | 0.00097 EPSS
Exploits 0 | References 3
NVD
added 2026/03/20 2:16 p.m. | 2 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

9.8 CVSS | 0.00097 EPSS
Exploits 0 | References 2
NVD
added 2026/03/20 5:16 a.m. | 2 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

8.8 CVSS | 0.00241 EPSS
Exploits 1 | References 3
EUVD
added 2026/03/20 4:14 a.m. | 0 views

EUVD-2026-13543

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

8.6 CVSS | 6.3 AI score | 0.00241 EPSS
Exploits 1 | References 3
NVD
added 2026/03/20 12:16 a.m. | 1 views

CVE-2026-32759

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...

8.1 CVSS | 0.00148 EPSS
Exploits 1 | References 2
CNNVD
added 2026/03/20 12:0 a.m. | 4 views

QNAP Systems QuNetSwitch OS Command Injection Vulnerability

QNAP Systems QuNetSwitch is a network management software developed by QNAP Systems, a company based in Taiwan, China. It provides centralized switch management and network configuration monitoring capabilities. Previous versions of QNAP Systems QuNetSwitch, including version 2.0.5.0906, had a...

9.8 CVSS | 6.1 AI score | 0.00485 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/03/20 12:0 a.m. | 2 views

PT-2026-26611

CVE-2024-44722 SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. https://t.co/m0vhXKM2HE...

6 AI score | 0.00097 EPSS
Exploits 0 | References 4
CNNVD
added 2026/03/20 12:0 a.m. | 2 views

SysAK Security Vulnerability

SysAK is an open-source system operation toolset by China Dragon Lizard anolis. Versions of SysAK prior to v2.0 contained security vulnerabilities; these vulnerabilities stemmed from command execution, potentially allowing attackers to execute arbitrary commands...

9.8 CVSS | 6.1 AI score | 0.00097 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/03/20 12:0 a.m. | 1 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 24.04 LTS : Debian Goodies vulnerability (USN-8109-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8109-1 advisory. Jakub Wilk discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use thi...

7.8 CVSS | 6.2 AI score | 0.00094 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/20 12:0 a.m. | 2 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

6 AI score | 0.00097 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/03/20 12:0 a.m. | 0 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

6 AI score | 0.00097 EPSS
Exploits 0 | References 3
CVE
added 2026/03/20 12:0 a.m. | 2 views

CVE-2024-44722

CVE-2024-44722 : The provided records identify SysAK v2.0 and earlier as vulnerable to a command-execution flaw described as via aaa;cat /etc/passwd. The sources do not provide detailed root cause analysis, affected versions beyond “v2.0 and before,” or concrete remediation steps. No exploitation...

9.8 CVSS | 6 AI score | 0.00097 EPSS
Exploits 0 | References 2 | Affected Software 1
CISA KEV Catalog
added 2026/03/20 12:0 a.m. | 11 views

Laravel Livewire Code Injection Vulnerability

Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios...

9.8 CVSS | 6.1 AI score | 0.58885 EPSS
In wild | Exploits 5
CNNVD
added 2026/03/20 12:0 a.m. | 4 views

PySpector Security Vulnerability

PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector 0.1.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a security verification bypass in the plugin system, which may lead to th...

8.3 CVSS | 6 AI score | 0.00039 EPSS
Exploits 1 | References 1
OpenVAS
added 2026/03/20 12:0 a.m. | 3 views

Ubuntu: Security Advisory (USN-8109-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 5.8 AI score | 0.00094 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/20 12:0 a.m. | 18 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

0.00097 EPSS
Exploits 0 | References 2