Exploit for CVE-2026-48732

CVE-2026-48732: Warp Remote SSH cwd Command Injection PoC...

PT-2026-48360

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

VulnCheck KEV: CVE-2026-10520

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

PT-2026-48368

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

PT-2026-48516

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

PT-2026-48488

CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI Severity: MEDIUM https://security.paloaltonetworks.com/CVE-2026-0273 CVE-2026-0272 PAN-OS: Privilege Escalation PE Vulnerability in the Command Line Interface CLI Severity: MEDIUM...

PT-2026-48373

CVE-2026-48703 Warp Agent: Code Search Command Injection via Grep and FileGlob https://t.co/Li4h31dQjZ...

PT-2026-48364

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

PT-2026-48487

CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI Severity: MEDIUM https://security.paloaltonetworks.com/CVE-2026-0273 CVE-2026-0272 PAN-OS: Privilege Escalation PE Vulnerability in the Command Line Interface CLI Severity: MEDIUM...

PT-2026-48410

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click...

EulerOS 2.0 SP13 : vim (EulerOS-SA-2026-2318)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

PT-2026-48391

Found a command injection in Warp CVE-2026-48719 A crafted Git branch name runs in the victim's shell when selected in the prompt branch selector. Responsibly disclosed and now patched. Update @warpdotdev to stay safe. https://t.co/j16vvGrYLa...

PT-2026-48361

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

PT-2026-48485

CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI Severity: MEDIUM https://security.paloaltonetworks.com/CVE-2026-0273 CVE-2026-0272 PAN-OS: Privilege Escalation PE Vulnerability in the Command Line Interface CLI Severity: MEDIUM...

EulerOS 2.0 SP13 : vim (EulerOS-SA-2026-2361)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

PT-2026-48489

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

PT-2026-48442

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...

Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

GHSA-JVC5-6G7Q-C843 Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...