70827 matches found
Panabit PAP-XM320 操作系统命令注入漏洞
Panabit PAP-XM320 is an enterprise-level Internet behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the...
CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...
CVE-2026-36827
The vulnerability CVE-2026-36827 affects Panabit PAP-XM320 (up to v7.7). The web management interface calls /usr/sbin/pappiw with user-controlled inputs and uses unsafe eval for argument processing, enabling command injection. An authenticated remote attacker with access to the management UI coul...
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
PT-2026-41989
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...
SUSE SLES15 Security Update : php-composer2 (SUSE-SU-2026:1970-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1970-1 advisory. This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository...
PT-2026-42169
Name of the Vulnerable Software and Affected Versions Atril versions prior to 1.26.3 Atril versions prior to 1.28.4 Evince affected versions not specified Xreader versions prior to 3.6.7 Xreader versions prior to 4.6.4 Papers affected versions not specified Description A command injection issue...
PT-2026-41949
Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8 Description A command injection issue exists in the web management interface, which invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper uses the eval...
CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...
Panabit PAP-XM320 操作系统命令注入漏洞
Panabit PAP-XM320 is an enterprise-level Internet access behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to V7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the W...
CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...
CVE-2026-25244
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...
CVE-2026-27130
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
EUVD-2026-30809
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130
CVE-2026-27130 affects Dokploy (PaaS) versions ≤ 0.26.6. The vulnerability is an OS command injection in the appName parameter, caused by three chained issues: inadequate input sanitization (cleanAppName only lowers case and replaces spaces), lack of schema validation, and direct interpolation of...
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...
CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service
WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...