70859 matches found

Cvelist
added 2026/04/29 2:42 p.m. | 32 views

CVE-2026-6849 OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer

Improper neutralization of special elements used in an OS command 'OS command injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from =0.7.5 before 0.8.0...

CVSS 8.8 | EPSS 0.01009
Exploits: 0 | References: 2

OSV
added 2026/04/29 8:45 a.m. | 8 views

OPENSUSE-SU-2026:20653-1 Security update for radare2

This update for radare2 fixes the following issues: Changes in radare2: - Update to version 6.1.4 bsc1262142, CVE-2026-40499: Analysis: improve autoname scoring, jmptbl detection, and performance Add callargs modifier, rnum expressions, and typed function context Refactor autoname into plugin;...

CVSS 10 | AI score 6.8 | EPSS 0.01184
Exploits: 3 | References: 12

OSV
added 2026/04/29 8:45 a.m. | 4 views

BIT-MLFLOW-2025-15379 Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the _install_model_dependencies_to_env function. When deploying a model with env_manager=LOCAL, MLflow reads dependency specifications from the model artifact's python_env.yaml file and...

CVSS 10 | AI score 8.9 | EPSS 0.02356
Exploits: 1 | References: 3

OSV
added 2026/04/29 7:06 a.m. | 4 views

CLSA-2026-1777446368 vim: Fix of CVE-2026-33412

CVE-2026-33412: fix command injection via newline character in glob on Unix-like systems by escaping '\n' in SHELL_SPECIAL...

CVSS 7.3 | AI score 7.1 | EPSS 0.00734
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/29 6:18 a.m. | 6 views

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

CVSS 6.8 | AI score 5.5 | EPSS 0.00907
Exploits: 0 | References: 1

Rockylinux
added 2026/04/29 6:00 a.m. | 8 views

python3.11 security update

An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

CVSS 9.1 | AI score 6.2 | EPSS 0.00517
Exploits: 0

OSV
added 2026/04/29 6:00 a.m. | 7 views

RLSA-2026:11062 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.1 | AI score 6.1 | EPSS 0.00517
Exploits: 0 | References: 3

GithubExploit
added 2026/04/29 3:58 a.m. | 112 views

Exploit for OS Command Injection in Php

PHP CVE Autopilot Fully automated detection and exploitat...

CVSS 9.8 | AI score 7.2 | EPSS 0.99987
Exploits: 67

GithubExploit
added 2026/04/29 1:47 a.m. | 92 views

web-to-domain-admin-lab

Web to Domain Admin Compromise Lab This project simulates a r...

AI score 6
Exploits: 0

GithubExploit
added 2026/04/29 1:27 a.m. | 106 views

Exploit for OS Command Injection in Asustor Data_Master

No d...

CVSS 9.4 | AI score 5.2 | EPSS 0.01451
Exploits: 1

Positive Technologies
added 2026/04/29 12:00 a.m. | 5 views

PT-2026-36023

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launche...

CVSS 7.5 | AI score 7.1 | EPSS 0.01378
Exploits: 0 | References: 7

Cvelist
added 2026/04/29 12:00 a.m. | 28 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

EPSS 0.01127
Exploits: 0 | References: 1

CNNVD
added 2026/04/29 12:00 a.m. | 7 views

DNStwist MCP Server Command Injection Vulnerability

DNStwist MCP Server is a domain name security detection tool developed by Burt personally. Versions of DNStwist MCP Server 1.0.4 and earlier contained a command injection vulnerability. This vulnerability stemmed from the fuzzdomain function in the src/index.ts file, where the Request operation o...

CVSS 7.5 | AI score 7.1 | EPSS 0.01378
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/29 12:00 a.m. | 7 views

PT-2026-35923

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

AI score 5.2 | EPSS 0.01127
Exploits: 0 | References: 1

CNNVD
added 2026/04/29 12:00 a.m. | 8 views

TOTOLINK N200RE Command Injection Vulnerability

The TOTOLINK N200RE is a router produced by TOTOLINK, a Chinese electronics company. The TOTOLINK N200RE V5 version has a command injection vulnerability, which stems from the use of command injections in the formMapDelDevice function, particularly with the macstr and bandstr parameters...

CVSS 9.8 | AI score 5.8 | EPSS 0.01127
Exploits: 0 | References: 1

CNNVD
added 2026/04/29 12:00 a.m. | 7 views

DocsGPT Command Injection Vulnerability

DocsGPT is a cutting-edge open-source solution developed by Arc53. It simplifies the process of finding information in project documents. In versions 0.15.0 to 0.16.0 of DocsGPT, there was a command injection vulnerability. This vulnerability stemmed from bypassing MCP testing behaviors, which...

CVSS 10 | AI score 6.3 | EPSS 0.01168
Exploits: 1 | References: 2

CVE
added 2026/04/29 12:00 a.m. | 10 views

CVE-2026-36841

CVE-2026-36841 affects TOTOLINK N200RE V5. The root cause is a command injection in the formMapDelDevice function exploited via the macstr and bandstr parameters. This leads to arbitrary command execution with high impact on confidentiality, integrity, and availability (per CVSS 3.1 metrics: AV:N...

CVSS 9.8 | AI score 5.2 | EPSS 0.01127
Exploits: 0 | References: 1

EUVD
added 2026/04/29 12:00 a.m. | 7 views

EUVD-2026-26231

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

CVSS 9.8 | AI score 5.2 | EPSS 0.01127
Exploits: 0 | References: 1

CNNVD
added 2026/04/29 12:00 a.m. | 8 views

TÜBİTAK BİLGEM Pardus OS My Computer OS Command Injection Vulnerability

TÜBİTAK BİLGEM Pardus OS My Computer is a desktop component provided by the Turkish company TÜBİTAK BİLGEM, which offers functions for viewing system hardware and resource information. Versions of TÜBİTAK BİLGEM Pardus OS My Computer prior to version 0.8.0, as well as versions 0.7.5 and earlier,...

CVSS 8.8 | AI score 5.8 | EPSS 0.01009
Exploits: 0 | References: 1

Exploit DB
added 2026/04/29 12:00 a.m. | 93 views

OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...

AI score 5.3
Exploits: 0