Flowise OS Command Injection Vulnerability
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a vulnerability related to operating system command injection. This vulnerability stemmed from insecure serialization of printf commands in the MCP adapter,...
Tenda W30E Security Vulnerability
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...
PT-2026-34227
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 29.0 and earlier. Description: The CloneSite plugin contains a flaw where the 'cloneServer.json.php' endpoint constructs shell commands using the url parameter without proper sanitization. This input is directly concatenated...
PT-2026-34192
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...
PT-2026-33931
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
Atlassian Bamboo Data Center Security Vulnerability
Atlassian Bamboo Data Center is a continuous integration and delivery server software developed by the Australian company Atlassian. There is a security vulnerability in Atlassian Bamboo Data Center, which stems from OS command injection. This vulnerability may allow authenticated attackers to...
Quantum Networks router OS Command Injection Vulnerability
The Quantum Networks router is a network routing device developed by the Indian company Quantum Networks. The Quantum Networks router QN-I-470 has a vulnerability related to operating system command injection. This vulnerability stems from insufficient input validation in the management CLI...
PT-2026-34016
🚨CVE CVE-2026-38834 Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do ping action function via the hostName parameter. This vulnerability allow… https://t.co/tKrNtNWoPC ----- Translation: It was found that CV… https://t.co/utmtNgl3sv...
NewSoftOA OS Command Injection Vulnerability
NewSoftOA is an enterprise office automation system developed by NewSoft International of Taiwan, China. NewSoftOA has a vulnerability related to operating system command injection. This vulnerability stems from OS command injections, which may allow unauthenticated local attackers to inject and...
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Tenda W30E Security Vulnerability
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version contains a security vulnerability. This vulnerability stems from improper validation of the usbPartitionName parameter in the formSetUSBPartitionUmount function, which may lead to command...
CVE-2026-38835
CVE-2026-38835 affects the Tenda W30E router (V2.0, V16.01.0.21). The bug is a command injection in the formSetUSBPartitionUmount function via the usbPartitionName parameter, enabling an attacker to execute arbitrary commands through a crafted request. Metrics indicate a critical impact (CVSS v3....
SUSE CVE-2026-40527
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
Command Injection
Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Command Injection via preview MCP server endpoints POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list. An attacker can execute arbitrary commands by accessin...
Command Injection
Overview: flowsint is an Add your description here. Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...
DarkHole-2-Penetration-Testing-Writeup.
DarkHole-2-Penetration-Testing-Writeup. DarkHole 2 is a vulner...
CVE-2026-32311
Flowsint is affected by a high-severity vulnerability in which an attacker can create a sketch and trigger the org_to_asn transformer on an organization node to execute arbitrary OS commands as root on the host via shell metacharacters and a Docker container escape. The issue pertains to the tran...
CVE-2026-32311 Command Injection and Docker container escape allows root on host machine
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...