CVE-2026-41247

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

Exploit for OS Command Injection in Sierrawireless Aleos

CVE-2022-46649 PoC exploit for CVE-2022-46649, a command in...

OESA-2026-2007 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

OESA-2026-2006 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

OESA-2026-2005 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

OESA-2026-2004 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

OESA-2026-2003 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of...

PT-2026-35160

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

PicoClaw 注入漏洞

PicoClaw is a super-lightweight personal AI assistant tool developed by Sipeed. Versions of PicoClaw 0.2.4 and earlier had a injection vulnerability. This vulnerability stemmed from an unknown function in the component Web Launcher Management Plane, specifically the file/api/gateway/restart, whic...

Tenda F453 注入漏洞

The Tenda F453 is a wireless router produced by the Chinese company Tenda. Versions of the Tenda F453 starting from 1.0.0.3 and earlier have a vulnerability related to command injection, which originates from the TendaTelnet function in the telnet service component, located in the...

Fedora 44 : composer (2026-1140c02041)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1140c02041 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

PT-2026-35158

Name of the Vulnerable Software and Affected Versions PicoClaw versions prior to 0.2.5 Description A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...

GitPilot MCP 注入漏洞

GitPilot MCP is an automated GitHub contribution intelligent proxy tool developed by Divyanshu Giri. The GitPilot MCP 9ed9f153ba4158a2ad230ee4871b25130da29ffd version previously had a injection vulnerability. This vulnerability stemmed from improper handling of the command parameter in the repopa...

PT-2026-35150

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

PT-2026-35165

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

Linksys MR9600 命令注入漏洞

The Linksys MR9600 is a wireless router produced by the American company Linksys. The Linksys MR9600 2.0.6.206937 version has a command injection vulnerability. This vulnerability stems from an improper handling of the parameter pin in the function BTRequestGetSmartConnectStatus within the JNAP...

Arbitrary Command Injection

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Arbitrary Command Injection via the runLinux function. An attacker can execute arbitrary system commands, tamper with local files, and escalate compromise of...

electerm has Command Injection via runLinux funtion

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an exec"rm -r...

GHSA-8X35-HPH8-37HQ electerm has Command Injection via runLinux funtion

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an exec"rm -r...