70842 matches found
PT-2026-39336
A vulnerability has been found in Wavlink NU516U1 M16U1 V240425. Affected is the function change wifi password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl channel/wl Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit ha...
Net::IMAP 命令注入漏洞
Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 had command injection vulnerabilities. These vulnerabilities stemmed from the symbolic parameters of commands, which were vulnerable to CRLF...
Command Injection
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Command Injection via the setvalue function when the section parameter is not properly validated for newline characters. An attacker can execute arbitrary code by...
ALPINE-CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
DEBIAN-CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-42453
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
DEBIAN-CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
UBUNTU-CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
UBUNTU-CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...
CVE-2026-42454
Termix (web-based server management platform) prior to version 2.1.0 is vulnerable. Docker container management endpoints interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed via ssh2.Client.exec(), without sanitization. An authenticated...
CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...
EUVD-2026-28863
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
CVE-2026-42453 Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
CVE-2026-42453
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...
CVE-2026-42453
Termix is affected by a command injection in the file-manager.ts endpoints extractArchive and compressFiles due to the use of double-quoted strings for shell construction, enabling $(command) substitution on the remote SSH host. This vulnerability (CVE-2026-42453) can lead to arbitrary command ex...