Lucene search

44709 matches found

OpenVAS
added 2026/03/09 12:0 a.m., 0 views

Ubuntu: Security Advisory (USN-8078-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 5.8, EPSS 0.00484
Exploits: 1, References: 2
OpenVAS
added 2026/03/09 12:0 a.m., 0 views

Ubuntu: Security Advisory (USN-8079-1)

The remote host is missing an update for the...

CVSS 7.8, AI score 5.8, EPSS 0.00578
Exploits: 0, References: 2
Cvelist
added 2026/03/09 12:0 a.m., 24 views

CVE-2025-70039

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

EPSS 0.0007
Exploits: 0, References: 3
CNVD
added 2026/03/09 12:0 a.m., 2 views

Chamilo check_parse_lang.php file OS command injection vulnerability

Chamilo is an open-source learning management system by Chamilo. The check_parse_lang.php file in Chamilo has an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...

CVSS 7.2, AI score 5.8, EPSS 0.00745
Exploits: 1, References: 1
CISA KEV Catalog
added 2026/03/09 12:0 a.m., 6 views

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine...

CVSS 9.8, AI score 5.8, EPSS 0.26749
In wild, Exploits: 1
Snyk
added 2026/03/08 5:2 p.m., 3 views

Arbitrary Code Injection

Amendment: This was deemed not a vulnerability. Overview: es-toolkit is a state-of-the-art, high-performance JavaScript utility library with a small bundle size and strong type annotations. Affected versions of this package are vulnerable to Arbitrary Code Injection. The template function in...

CVSS 9.8, AI score 6, EPSS 0.04314
Exploits: 2, References: 2
GithubExploit
added 2026/03/08 12:50 p.m., 94 views

flask_ssti_exploit

Tools for Exploiting SSTI Vulnerabilities under Flask Di...

AI score 5.8
Exploits: 0
GithubExploit
added 2026/03/08 12:50 p.m., 96 views

flask_ssti_exploit

Tools for Exploiting SSTI Vulnerabilities under Flask Di...

AI score 5.8
Exploits: 0
CVE
added 2026/03/07 4:38 p.m., 13 views

CVE-2026-30861

Technical details about CVE-2026-30861 are not provided in the connected documents. The initial description mentions the vulnerability and patch, but no deeper technical specifics. Monitor for updates and rely on official advisories for remediation.

CVSS 9.9, AI score 6.5, EPSS 0.00083
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/07 1:32 p.m., 1 views

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

CVSS 5.8, AI score 5.6, EPSS 0.00243
Exploits: 1, References: 4
Veracode
added 2026/03/07 5:11 a.m., 3 views

Server-Side Template Injection

craftcms/cms is vulnerable to Template Injection. The vulnerability is due to unsafe exposure of the create Twig function allowing arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary system commands on the server...

CVSS 7.5, AI score 6.1, EPSS 0.00027
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2026/03/07 1:44 a.m., 4 views

CVE-2026-28470

OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

CVSS 9.8, AI score 6, EPSS 0.00104
Exploits: 0, References: 1
Positive Technologies
added 2026/03/07 12:0 a.m., 2 views

PT-2026-23781

Name of the Vulnerable Software and Affected Versions: XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07. Description: The XikeStor SKS8310-8X Network Switch contains an OS command injection issue in the /goform/PingTestSet API endpoint. Unauthenticated remote attackers can execute...

CVSS 9.8, AI score 6.4, EPSS 0.00293
Exploits: 0, References: 11
GithubExploit
added 2026/03/06 4:33 a.m., 115 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Next.js RCE Scanner...

CVSS 10, AI score 7.8, EPSS 0.83197
Exploits: 363
Tenable Nessus
added 2026/03/06 12:0 a.m., 2 views

NewStart CGSL MAIN 6.06 (SP) : vim Vulnerability (NS-SA-2026-0010)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated...

CVSS 9.3, AI score 6.1, EPSS 0.54077
Exploits: 5, References: 3
CNNVD
added 2026/03/06 12:0 a.m., 2 views

Chamilo code issue vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of uploaded files, which could allow low-privilege users who are authenticated to upload specially...

CVSS 8.8, AI score 6.1, EPSS 0.00258
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/06 12:0 a.m., 4 views

NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0003)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control...

CVSS 9.8, AI score 7.6, EPSS 0.90046
Exploits: 40, References: 35
Ubuntu
added 2026/03/05 10:30 p.m., 7 views

USN-8079-1: less vulnerability

It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...

CVSS 7.8, AI score 6, EPSS 0.00578
Exploits: 0
OSV
added 2026/03/05 10:30 p.m., 0 views

USN-8079-1 less vulnerability

It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...

CVSS 7.8, AI score 6.8, EPSS 0.00578
Exploits: 0, References: 2
Ubuntu
added 2026/03/05 10:17 p.m., 7 views

USN-8078-1: Zutty vulnerability

Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands...

CVSS 9.8, AI score 6, EPSS 0.00484
Exploits: 1