70857 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. | 5 views

PT-2026-36017

Name of the Vulnerable Software and Affected Versions: PolarVista xcode-mcp-server version 1.0.0. Description: An OS command injection issue exists in the MCP Interface component within the build project/run tests function of the src/index.ts file. This flaw allows a remote attacker to execute...

CVSS 7.5 | AI score 7.4 | EPSS 0.01629
Exploits: 0 | References: 12

ATTACKERKB
added 2026/04/29 12:0 a.m. | 2 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

AI score 5.2 | EPSS 0.01127
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/29 12:0 a.m. | 9 views

PT-2026-39213

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0383. Description: An OS command injection issue exists in the netrw standard plugin. An attacker can execute arbitrary shell commands with the privileges of the Vim process by inducing a user to open a crafted URL,...

CVSS 6.6 | AI score 6 | EPSS 0.00917
Exploits: 1 | References: 51

Tenable Nessus
added 2026/04/29 12:0 a.m. | 7 views

TencentOS Server 2: vim (TSSA-2026:0257)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0257 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 7.8 | AI score 6.5 | EPSS 0.01162
Exploits: 1 | References: 5

Tenable Nessus
added 2026/04/29 12:0 a.m. | 9 views

AlmaLinux 8 : python3 (ALSA-2026:11077)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11077 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

CVSS 9.1 | AI score 6.2 | EPSS 0.00517
Exploits: 0 | References: 4

CNNVD
added 2026/04/29 12:0 a.m. | 11 views

Atlona ATOMERX21 Command Injection Vulnerability

The Atlona ATOMERX21 is a multi-functional commercial audio-video device from Atlona Corporation. The Atlona ATOMERX21 has a command injection vulnerability, which stems from the lack of strict filtering and escaping of special characters...

CVSS 6.3 | AI score 5.8 | EPSS 0.01143
Exploits: 2 | References: 2

Vulnrichment
added 2026/04/29 12:0 a.m. | 2 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

AI score 5.2 | EPSS 0.01127
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/29 12:0 a.m. | 5 views

PT-2026-35938

Improper neutralization of special elements used in an OS command 'OS command injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from =0.7.5 before 0.8.0...

CVSS 8.8 | AI score 5.2 | EPSS 0.01009
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/29 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-40517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by...

CVSS 8.4 | AI score 6.2 | EPSS 0.01051
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/29 12:0 a.m. | 8 views

AlmaLinux 8 : python3.11 (ALSA-2026:11062)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

CVSS 9.1 | AI score 6.2 | EPSS 0.00517
Exploits: 0 | References: 4

Oracle linux
added 2026/04/29 12:0 a.m. | 10 views

vim security update

8.0.1763-22.0.1.el810.3 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-22.3 - Relates: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2:8.0.1763-22.2 - Resolves: RHEL-164956 vim...

CVSS 8.2 | AI score 6.6 | EPSS 0.01162
Exploits: 0

NVD
added 2026/04/28 10:16 p.m. | 5 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

CVSS 7.5 | EPSS 0.01334
Exploits: 0 | References: 5

GithubExploit
added 2026/04/28 10:2 p.m. | 112 views

Exploit for Command Injection in Github Enterprise_Server

ExploitCVE-2026-3854 CVE-2026-3854 is a Remote Code Executio...

CVSS 8.8 | AI score 6 | EPSS 0.24462
Exploits: 5

CVE
added 2026/04/28 8:15 p.m. | 10 views

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

CVSS 7.5 | AI score 7 | EPSS 0.01334
Exploits: 0 | References: 5

EUVD
added 2026/04/28 8:15 p.m. | 6 views

EUVD-2026-26153

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

CVSS 7.5 | AI score 7 | EPSS 0.01334
Exploits: 0 | References: 5

Cvelist
added 2026/04/28 8:15 p.m. | 32 views

CVE-2026-7316 eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

CVSS 7.5 | EPSS 0.01334
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/28 6:35 p.m. | 5 views

CVE-2026-31255

A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...

CVSS 9.8 | AI score 5.8 | EPSS 0.01121
Exploits: 1 | References: 1

The Hacker News
added 2026/04/28 6:19 p.m. | 8 views

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a...

CVSS 8.8 | AI score 7.3 | EPSS 0.24462
Exploits: 5

OSV
added 2026/04/28 5:31 p.m. | 4 views

CLSA-2026-1777385906 vim: Fix of CVE-2026-33412

CVE-2026-33412: fix command injection via newline character in glob on Unix-like systems by escaping '\n' in SHELLSPECIAL...

CVSS 7.3 | AI score 6 | EPSS 0.00734
Exploits: 0 | References: 1

OSV
added 2026/04/28 2:32 p.m. | 4 views

SUSE-SU-2026:21414-1 Security update for vim

This update for vim fixes the following issue: Update to version 9.2.0398. Security issues fixed: - CVE-2026-39881: missing sanitization in defineAnnoType and specialKeys can lead to arbitrary Ex command injection via a malicious NetBeans server bsc1261833...

CVSS 7.8 | AI score 5.9 | EPSS 0.0062
Exploits: 0 | References: 3