70839 matches found

GithubExploit
added 2026/05/14 11:20 a.m. | 89 views

Exploit for OS Command Injection in Insat Masterscada

CVE-2026-22553 (Critical)...

CVSS 9.8 | AI score 6.4 | EPSS 0.01433
Exploits 1
RedHat Linux
added 2026/05/14 11:11 a.m. | 11 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7 | AI score 7 | EPSS 0.00216
Exploits 0 | References 7
RedhatCVE
added 2026/05/14 8:21 a.m. | 11 views

CVE-2026-44871

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVSS 8.8 | AI score 6.1 | EPSS 0.01226
Exploits 0 | References 1
CNNVD
added 2026/05/14 12:00 a.m. | 7 views

Universal Tool Calling Protocol operating system command injection vulnerability

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained a vulnerability related to operating system command injection. This vulnerability stemmed from the substituteutcpargs method...

CVSS 8.3 | AI score 5.8 | EPSS 0.00272
Exploits 0 | References 2
CNNVD
added 2026/05/14 12:00 a.m. | 10 views

Fleet operating system command injection vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...

CVSS 9.8 | AI score 6.1 | EPSS 0.00773
Exploits 0 | References 2
CVE
added 2026/05/14 12:00 a.m. | 15 views

CVE-2026-24712

CVE-2026-24712 affects Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0, where a component/flow allows Command injection. The connected documents confirm the vulnerability is present in those versions; no explicit root-cause details or remediation steps are prov...

CVSS 7.3 | AI score 5.8 | EPSS 0.0092
Exploits 0 | References 2 | Affected Software 1
Amazon
added 2026/05/14 12:00 a.m. | 13 views

Important: vim

Issue Overview: Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcard...

CVSS 6.6 | AI score 5.8 | EPSS 0.00501
Exploits 0
Positive Technologies
added 2026/05/14 12:00 a.m. | 13 views

PT-2026-40931

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

AI score 5.8 | EPSS 0.0092
Exploits 0 | References 3
Positive Technologies
added 2026/05/14 12:00 a.m. | 15 views

PT-2026-41123

Name of the Vulnerable Software and Affected Versions: python-utcp versions prior to 1.1.3. Description: The substitute utcp args function in cli communication protocol.py inserts user-controlled tool args values directly into shell command strings without sanitization or escaping. These commands ar...

CVSS 10 | AI score 6.5 | EPSS 0.00272
Exploits 0 | References 8
CNNVD
added 2026/05/14 12:00 a.m. | 6 views

mdserver-web operating system command injection vulnerability

mdserver-web is a Linux server management panel developed by Mr. Chen. Versions 0.18.0 to 0.18.4 of mdserver-web contain an operating system command injection vulnerability. This vulnerability stems from the lack of authentication for the /modifycrond and /starttask interfaces, which may allow...

CVSS 9.8 | AI score 5.9 | EPSS 0.01032
Exploits 1 | References 2
CNNVD
added 2026/05/14 12:00 a.m. | 9 views

Northern.tech CFEngine security vulnerability

Northern.tech CFEngine is an IT infrastructure configuration management and automation framework developed by Northern.tech. There are security vulnerabilities in versions of Northern.tech CFEngine Enterprise and Community prior to 3.21.8, 3.24.3, and 3.27.0. These vulnerabilities stem from...

CVSS 7.3 | AI score 5.8 | EPSS 0.0092
Exploits 0 | References 2
Cvelist
added 2026/05/14 12:00 a.m. | 38 views

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

EPSS 0.0092
Exploits 0 | References 2
ATTACKERKB
added 2026/05/14 12:00 a.m. | 5 views

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

AI score 5.8 | EPSS 0.0092
Exploits 0 | References 3
Vulnrichment
added 2026/05/14 12:00 a.m. | 6 views

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

AI score 5.8 | EPSS 0.0092
Exploits 0 | References 2
CNNVD
added 2026/05/14 12:00 a.m. | 9 views

HRConvert2 operating system command injection vulnerability

HRConvert2 is a self-hosted, drag-and-drop file conversion and sharing tool developed by Justin Grimes. Versions of HRConvert2 prior to 3.3.8 had an operating system command injection vulnerability. This vulnerability stemmed from the sanitizeString function not filtering escaped quotes and tabs,...

CVSS 9.3 | AI score 5.9 | EPSS 0.00297
Exploits 0 | References 1
CNNVD
added 2026/05/14 12:00 a.m. | 9 views

Gotenberg operating system command injection vulnerability

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient...

CVSS 9.8 | AI score 5.8 | EPSS 0.0295
Exploits 2 | References 1
Tenable Nessus
added 2026/05/14 12:00 a.m. | 7 views

RHEL 8 : python3 (RHSA-2026:17619)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17619 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.1 | AI score 7.8 | EPSS 0.00517
Exploits 0 | References 6
Positive Technologies
added 2026/05/14 12:00 a.m. | 12 views

PT-2026-41135

Name of the Vulnerable Software and Affected Versions: @apostrophecms/cli versions prior to 3.6.1. Description: The @apostrophecms/cli package contains a command injection issue within the apos create command. User-supplied input provided during the password prompt is embedded directly into a shell...

CVSS 6.5 | AI score 5.7 | EPSS 0.00428
Exploits 0 | References 6
Debian CVE
added 2026/05/14 12:00 a.m. | 7 views

CVE-2026-24712

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

CVSS 7.3 | AI score 5.8 | EPSS 0.0092
Exploits 0
EUVD
added 2026/05/14 12:00 a.m. | 16 views

EUVD-2026-30276

Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection...

CVSS 6.1 | AI score 5.8 | EPSS 0.0092
Exploits 0 | References 2