PT-2026-42126

Name of the Vulnerable Software and Affected Versions Dell SmartFabric Storage Software versions prior to 1.4.5 Description An improper neutralization of special elements used in a command, known as command injection, allows a high privileged attacker with local access to potentially gain...

RHEL 8 : python3 (RHSA-2026:19549)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19549 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

PT-2026-42385

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

Dell SmartFabric Storage Software 命令注入漏洞

Dell SmartFabric Storage Software is an independent storage software solution provided by the American company Dell. Versions of Dell SmartFabric Storage Software prior to 1.4.5 contained a command injection vulnerability. This vulnerability stemmed from improper handling of special elements with...

Cisco ThousandEyes Enterprise Agent 操作系统命令注入漏洞

Cisco ThousandEyes Enterprise Agent is an application developed by Cisco, a US-based company. It provides extended visibility, automated insights, and seamless workflows. There is a vulnerability in the Cisco ThousandEyes Enterprise Agent that involves operating system command injection. This...

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1667)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1667 advisory. Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is...

PT-2026-42267

Name of the Vulnerable Software and Affected Versions HP Linux Imaging and Printing Software affected versions not specified Description An OS command injection flaw exists in the HP Linux Imaging and Printing Software. This issue may allow an attacker to achieve escalation of privileges and/or...

HP Linux Imaging and Printing Software 命令注入漏洞

HP Linux Imaging and Printing Software is a software package developed by American company HP, designed for the installation, use, and management of HP printers and scanners. HP Linux Imaging and Printing Software has a command injection vulnerability, which stems from operating system command...

Fedora 44 : evince (2026-aea94fcc1c)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aea94fcc1c advisory. Fix command injection CVE-2026-46529 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

Fedora 43 : evince (2026-d29bd1ad07)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d29bd1ad07 advisory. Fix command injection CVE-2026-46529 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution

Potential security vulnerabilities have been identified in the HP Linux Imaging and Printing Software. These potential vulnerabilities may allow escalation of privileges and/or arbitrary code execution via command injection or buffer overflow. HP has identified affected versions and the minimum...

Command Injection

Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Command Injection via the functionName parameter in the /runners/load-reader endpoint. An attacker can execute arbitrary operating system commands as the process user root in...

CVE-2026-47092

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...

Kopia: RCE via SSH ProxyCommand Injection

Summary Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

Important: Red Hat Security Advisory: python3.14 security update

An update for python3.14 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Exploit for Race Condition in Canonical Ubuntu_Linux

IoT Firmware Reverse Engineering — IoT Camera Security Uni...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...