70829 matches found
ngrok 命令注入漏洞
Ngrok is a security internal network penetration and application access platform developed by the US company Ngrok. Versions 4.3.3 and 5.0.0-beta.2 of Ngrok contain command injection vulnerabilities, which are vulnerable to command injection attacks...
PT-2026-41593
A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...
PT-2026-41737
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.7 Description OS command injection occurs due to inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are processed by the cleanAppName...
Alibaba Cloud Linux 3 : 0112: python3.11 (ALINUX3-SA-2026:0112)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0112 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4786: Mitgation ofCVE-2026-4519 w...
PT-2026-41732
Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software perform...
Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)
The version of Ivanti Virtual Traffic Manager vTM running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability: - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin...
Claude HUD 代码问题漏洞
Claude HUD is a Claude Code plugin developed by Jarrod Watts, which displays context usage, tool states, and progress. Versions of Claude HUD prior to 0.0.12 contained code vulnerabilities. These vulnerabilities stemmed from command injection issues, allowing local attackers to execute arbitrary...
CVE-2025-57282
CVE-2025-57282 affects ngrok v4.3.3 and 5.0.0-beta.2 and is described as vulnerable to Command Injection. The connected documents confirm the affected software and the vulnerability class but do not provide exploitation details, root cause specifics, or remediation steps beyond what is stated. No...
CVE-2025-57282
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection...
CVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8767
CVE-2026-8767 affects vercel ai up to version 3.0.97. The issue lies in the run function of .github/workflows/prettier-on-automerge.yml within the PR Branch Name Interpolation component, enabling an OS command injection. Attacks can be remote, with high attack complexity and exploitability deemed...
CVE-2026-8753
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...
CVE-2026-8753 kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...
EUVD-2026-30698
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...
CVE-2026-8753 kalcaddle Kodbox fileThumb Plugin VideoResize.class.php parseVideoInfo command injection
A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The manipulation of the argument ffmpegBin leads to command...
CVE-2026-8753
CVE-2026-8753 affects kalcaddle Kodbox, specifically the fileThumb Plugin’s VideoResize.class.php (parseVideoInfo function). The vulnerability arises from manipulation of the ffmpegBin argument, enabling a remote command injection. Public exploitation details are acknowledged in the report, with ...
Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
...