70963 matches found
SUSE CVE-2026-40527
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
Command Injection
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Command Injection via preview MCP server endpoints POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list. An attacker can execute arbitrary commands by accessin...
Command Injection
Overview flowsint is an Add your description here Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...
DarkHole-2-Penetration-Testing-Writeup.
DarkHole-2-Penetration-Testing-Writeup. DarkHole 2 is a vulner...
CVE-2026-32311
Flowsint is affected by a high-severity vulnerability in which an attacker can create a sketch and trigger the org_to_asn transformer on an organization node to execute arbitrary OS commands as root on the host via shell metacharacters and a Docker container escape. The issue pertains to the tran...
CVE-2026-32311 Command Injection and Docker container escape allows root on host machine
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...
CVE-2026-6576
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...
CVE-2026-35582
Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...
EUVD-2026-23886
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...
EUVD-2026-23895
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...
EUVD-2026-23898
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...
EUVD-2026-23906
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
EUVD-2026-23879
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...
CVE-2026-26942
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...
CVE-2026-24506
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...
CVE-2026-26943
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...
CVE-2026-22761
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
CVE-2026-22761
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
CVE-2026-22761
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
CVE-2026-22761
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...