CVE-2026-35071

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...

CVE-2026-35071

The CVE-2026-35071 entry concerns Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, with an OS Command Injection flaw caused by improper neutralization of special elements in an OS command. A high-privilege attacker with local access could potentially exploit this to achieve command execut...

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

Malicious code in dcchbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a The package performs multiple installer-hostile behaviors. 1 dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...

MAL-2026-3689 Malicious code in dcchbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a The package performs multiple installer-hostile behaviors. 1 dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...

EUVD-2026-29367

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

CVE-2026-34259

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

PT-2026-40337

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlyin...

LobeHub 跨站脚本漏洞

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

PT-2026-40350

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

PT-2026-40424

Name of the Vulnerable Software and Affected Versions dalfox versions prior to 2.12.0 Description When running in REST API server mode dalfox server, the software binds to 0.0.0.0:6664 by default without requiring authentication. An unauthenticated attacker can send a request to the '/scan'...

PT-2026-39980

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

PT-2026-40373

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

ROS-20260512-73-0006

A vulnerability in Incus container management system and virtual machine manager is related to incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

PT-2026-40362

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified AOS-10 affected versions not specified Description An authenticated remote code execution issue exists in the web-based management interface. Improper input validation in the file path parameter within the...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from input handling defects in the Yii object creation path, which could allow any authenticated...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...

ROS-20260512-73-0007

A vulnerability in the Incus container management system and virtual machine manager is related to failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...